Bumped binary and TF provider versions

Author: adamrushuk

.github/workflows/build.yml

@@ -64,7 +64,7 @@ env:
   TF_LOG: "ERROR" # TRACE, DEBUG, INFO, WARN or ERROR
   TF_PLAN: "tfplan"
   # https://github.com/hashicorp/terraform/releases
-  TF_VERSION: "1.3.4"
+  TF_VERSION: "1.3.7"
   TF_WORKING_DIR: ./terraform
   # azurerm provider oidc
   # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_oidc

.github/workflows/destroy.yml

@@ -60,7 +60,7 @@ env:
   TF_LOG_PATH: terraform.log
   TF_LOG: "ERROR" # https://developer.hashicorp.com/terraform/internals/debugging
   # https://github.com/hashicorp/terraform/releases
-  TF_VERSION: "1.3.4"
+  TF_VERSION: "1.3.7"
   TF_WORKING_DIR: terraform
   # azurerm provider oidc
   # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_oidc

terraform/files/scripts/argocd_config.sh

@@ -19,7 +19,7 @@ ARGOCD_HEALTH_CHECK_URL="https://$ARGOCD_FQDN/healthz"
 
 # Install
 # https://github.com/argoproj/argo-cd/releases/
-VERSION="v2.5.2"
+VERSION="v2.5.9"
 curl -sSL -o "$ARGOCD_PATH" "https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64"
 chmod +x "$ARGOCD_PATH"
 

terraform/helm/argocd_default_values.yaml

@@ -1,14 +1,14 @@
-# source: https://github.com/vmware-tanzu/helm-charts/blob/velero-2.32.1/charts/velero/values.yaml
+# source: https://github.com/vmware-tanzu/helm-charts/blob/velero-3.1.0/charts/velero/values.yaml
 
 ##
 ## Configuration settings that directly affect the Velero deployment YAML.
 ##
 
 # Details of the container image to use in the Velero deployment & daemonset (if
-# enabling restic). Required.
+# enabling node-agent). Required.
 image:
   repository: velero/velero
-  tag: v1.9.2
+  tag: v1.10.0
   # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38.
   # If used, it will take precedence over the image.tag.
   # digest:
@@ -55,13 +55,13 @@ dnsPolicy: ClusterFirst
 # If the value is a string then it is evaluated as a template.
 initContainers:
   # - name: velero-plugin-for-csi
-  #   image: velero/velero-plugin-for-csi:v0.3.1
+  #   image: velero/velero-plugin-for-csi:v0.3.2
   #   imagePullPolicy: IfNotPresent
   #   volumeMounts:
   #     - mountPath: /target
   #       name: plugins
   # - name: velero-plugin-for-aws
-  #   image: velero/velero-plugin-for-aws:v1.5.1
+  #   image: velero/velero-plugin-for-aws:v1.5.2
   #   imagePullPolicy: IfNotPresent
   #   volumeMounts:
   #     - mountPath: /target
@@ -154,6 +154,7 @@ metrics:
 
   serviceMonitor:
     enabled: false
+    annotations: {}
     additionalLabels: {}
     # ServiceMonitor namespace. Default to Velero namespace.
     # namespace:
@@ -286,46 +287,60 @@ configuration:
   # here if using a non-default value. The `velero server` default values are shown in the
   # comments below.
   # --------------------
+  # `velero server` default: restic
+  uploaderType:
   # `velero server` default: 1m
   backupSyncPeriod:
-  # `velero server` default: 1h
-  resticTimeout:
-  # `velero server` default: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods
-  restoreResourcePriorities:
-  # `velero server` default: false
-  restoreOnlyMode:
-  # `velero server` default: 20.0
-  clientQPS:
+  # `velero server` default: 4h
+  fsBackupTimeout:
   # `velero server` default: 30
   clientBurst:
-  # `velero server` default: empty
+  # `velero server` default: 500
   clientPageSize:
+  # `velero server` default: 20.0
+  clientQPS:
+  # Name of the default backup storage location. Default: default
+  defaultBackupStorageLocation:
+  # How long to wait by default before backups can be garbage collected. Default: 72h
+  defaultBackupTTL:
+  # Name of the default volume snapshot location.
+  defaultVolumeSnapshotLocations:
   # `velero server` default: empty
   disableControllers:
-  # `velero server` default: 1m
-  storeValidationFrequency:
   # `velero server` default: 1h
   garbageCollectionFrequency:
-  #
-
-  # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
-  extraEnvVars: {}
-
+  # Set log-format for Velero pod. Default: text. Other option: json.
+  logFormat:
+  # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic.
+  logLevel:
+  # The address to expose prometheus metrics. Default: :8085
+  metricsAddress:
+  # Directory containing Velero plugins. Default: /plugins
+  pluginDir:
+  # The address to expose the pprof profiler. Default: localhost:6060
+  profilerAddress:
+  # `velero server` default: false
+  restoreOnlyMode:
+  # `velero server` default: customresourcedefinitions,namespaces,storageclasses,volumesnapshotclass.snapshot.storage.k8s.io,volumesnapshotcontents.snapshot.storage.k8s.io,volumesnapshots.snapshot.storage.k8s.io,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods,replicasets.apps,clusterclasses.cluster.x-k8s.io,clusters.cluster.x-k8s.io,clusterresourcesets.addons.cluster.x-k8s.io
+  restoreResourcePriorities:
+  # `velero server` default: 1m
+  storeValidationFrequency:
+  # How long to wait on persistent volumes and namespaces to terminate during a restore before timing out. Default: 10m
+  terminatingResourceTimeout:
   # Comma separated list of velero feature flags. default: empty
   # features: EnableCSI
   features:
+  # `velero server` default: velero
+  namespace:
 
-  # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic.
-  logLevel:
-
-  # Set log-format for Velero pod. Default: text. Other option: json.
-  logFormat:
+  # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
+  extraEnvVars: {}
 
-  # Set true for backup all pod volumes without having to apply annotation on the pod when used restic Default: false. Other option: false.
-  defaultVolumesToRestic:
+  # Set true for backup all pod volumes without having to apply annotation on the pod when used file system backup Default: false.
+  defaultVolumesToFsBackup:
 
-  # How often 'restic prune' is run for restic repositories by default. Default: 168h. Optional.
-  defaultResticPruneFrequency:
+  # How often repository maintain is run for repositories by default.
+  defaultRepoMaintainFrequency:
 
 ##
 ## End of backup/snapshot location settings.
@@ -381,7 +396,7 @@ credentials:
   # additional key/value pairs to be used as environment variables such as "DIGITALOCEAN_TOKEN: <your-key>". Values will be stored in the secret.
   extraEnvVars: {}
   # Name of a pre-existing secret (if any) in the Velero namespace
-  # that will be used to load environment variables into velero and restic.
+  # that will be used to load environment variables into velero and node-agent.
   # Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables
   extraSecretRef: ""
 
@@ -390,15 +405,15 @@ backupsEnabled: true
 # Whether to create volumesnapshotlocation crd, if false => disable snapshot feature
 snapshotsEnabled: true
 
-# Whether to deploy the restic daemonset.
-deployRestic: false
+# Whether to deploy the node-agent daemonset.
+deployNodeAgent: false
 
-restic:
+nodeAgent:
   podVolumePath: /var/lib/kubelet/pods
   privileged: false
-  # Pod priority class name to use for the Restic daemonset. Optional.
+  # Pod priority class name to use for the node-agent daemonset. Optional.
   priorityClassName: ""
-  # Resource requests/limits to specify for the Restic daemonset deployment. Optional.
+  # Resource requests/limits to specify for the node-agent daemonset deployment. Optional.
   # https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
   resources:
     requests:
@@ -408,30 +423,30 @@ restic:
       cpu: 1000m
       memory: 1024Mi
 
-  # Tolerations to use for the Restic daemonset. Optional.
+  # Tolerations to use for the node-agent daemonset. Optional.
   tolerations: []
 
-  # Annotations to set for the Restic daemonset. Optional.
+  # Annotations to set for the node-agent daemonset. Optional.
   annotations: {}
 
-  # labels to set for the Restic daemonset. Optional.
+  # labels to set for the node-agent daemonset. Optional.
   labels: {}
 
   # will map /scratch to emptyDir. Set to false and specify your own volume
   # via extraVolumes and extraVolumeMounts that maps to /scratch
   # if you don't want to use emptyDir.
   useScratchEmptyDir: true
 
-  # Extra volumes for the Restic daemonset. Optional.
+  # Extra volumes for the node-agent daemonset. Optional.
   extraVolumes: []
 
-  # Extra volumeMounts for the Restic daemonset. Optional.
+  # Extra volumeMounts for the node-agent daemonset. Optional.
   extraVolumeMounts: []
 
-  # Key/value pairs to be used as environment variables for the Restic daemonset. Optional.
+  # Key/value pairs to be used as environment variables for the node-agent daemonset. Optional.
   extraEnvVars: {}
 
-  # Configure the dnsPolicy of the Restic daemonset
+  # Configure the dnsPolicy of the node-agent daemonset
   # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
   dnsPolicy: ClusterFirst
 
@@ -442,20 +457,20 @@ restic:
     runAsUser: 0
     # fsGroup: 1337
 
-  # Container Level Security Context for the 'restic' container of the restic DaemonSet. Optional.
+  # Container Level Security Context for the 'node-agent' container of the node-agent daemonset. Optional.
   # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   containerSecurityContext: {}
 
-  # Container Lifecycle Hooks to use for the Restic daemonset. Optional.
+  # Container Lifecycle Hooks to use for the node-agent daemonset. Optional.
   lifecycle: {}
 
-  # Node selector to use for the Restic daemonset. Optional.
+  # Node selector to use for the node-agent daemonset. Optional.
   nodeSelector: {}
 
-  # Affinity to use with Restic daemonset. Optional.
+  # Affinity to use with node-agent daemonset. Optional.
   affinity: {}
 
-  # DNS configuration to use for the Restic daemonset. Optional.
+  # DNS configuration to use for the node-agent daemonset. Optional.
   dnsConfig: {}
 
 # Backup schedules to create.
@@ -478,12 +493,12 @@ schedules: {}
 # Velero ConfigMaps.
 # Eg:
 # configMaps:
-#   restic-restore-action-config:
+#   fs-restore-action-config:
 #     labels:
 #       velero.io/plugin-config: ""
-#       velero.io/restic: RestoreItemAction
+#       velero.io/pod-volume-restore: RestoreItemAction
 #     data:
-#       image: velero/velero-restic-restore-helper:v1.9.2
+#       image: velero/velero-restore-helper:v1.10.0
 configMaps: {}
 
 ##

terraform/helm/velero_default_values.yaml

@@ -5,7 +5,7 @@
 initContainers:
   - name: velero-plugin-for-microsoft-azure
     # https://hub.docker.com/r/velero/velero-plugin-for-microsoft-azure/tags
-    image: velero/velero-plugin-for-microsoft-azure:v1.5.1
+    image: velero/velero-plugin-for-microsoft-azure:v1.6.0
     imagePullPolicy: IfNotPresent
     volumeMounts:
       - mountPath: /target

terraform/helm/velero_values.yaml

@@ -6,7 +6,7 @@
 # az aks get-versions --location eastus --output table
 # az aks get-versions --location uksouth --output tsv --query "orchestrators | [?default].orchestratorVersion"
 variable "kubernetes_version" {
-  default = "1.23.12"
+  default = "1.24.6"
 }
 
 # Helm charts
@@ -21,25 +21,25 @@ variable "nginx_chart_version" {
 # https://hub.helm.sh/charts/jetstack/cert-manager
 # helm search repo jetstack/cert-manager
 variable "cert_manager_chart_version" {
-  default = "v1.10.0"
+  default = "v1.11.0"
 }
 
 # https://github.com/vmware-tanzu/helm-charts/releases
 # helm search repo vmware-tanzu/velero
 # * also update terraform/helm/velero_default_values.yaml
 # * also update terraform/helm/velero_values.yaml
 variable "velero_chart_version" {
-  default = "2.32.1"
+  default = "3.1.0"
 }
 
 # https://hub.docker.com/r/velero/velero/tags
 variable "velero_image_tag" {
-  default = "v1.9.2"
+  default = "v1.10.0"
 }
 
 # https://hub.docker.com/r/sonatype/nexus3/tags
 variable "nexus_image_tag" {
-  default = "3.43.0"
+  default = "3.45.1"
 }
 
 # https://github.com/adamrushuk/charts/releases
@@ -53,32 +53,32 @@ variable "nexus_chart_version" {
 # https://github.com/SparebankenVest/public-helm-charts/blob/master/stable/akv2k8s/Chart.yaml#L5
 # helm search repo spv-charts/akv2k8s
 variable "akv2k8s_chart_version" {
-  default = "2.2.2"
+  default = "2.3.2"
 }
 
 # https://github.com/Azure/aad-pod-identity/blob/master/charts/aad-pod-identity/Chart.yaml#L4
 # helm search repo aad-pod-identity/aad-pod-identity
 variable "aad_pod_identity_chart_version" {
-  default = "4.1.14"
+  default = "4.1.15"
 }
 
 # https://bitnami.com/stack/external-dns/helm
 # https://github.com/bitnami/charts/blob/master/bitnami/external-dns/Chart.yaml
 # helm search repo bitnami/external-dns
 # helm search repo -l bitnami/external-dns
 variable "external_dns_chart_version" {
-  default = "6.11.3"
+  default = "6.13.1"
 }
 
 # https://github.com/kubereboot/charts/tree/main/charts/kured
 # helm search repo kubereboot/kured
 variable "kured_chart_version" {
-  default = "4.1.0"
+  default = "4.2.0"
 }
 
-# https://github.com/kubereboot/kured#kubernetes--os-compatibility
+# https://kured.dev/docs/installation/#kubernetes--os-compatibility
 variable "kured_image_tag" {
-  default = "1.11.0"
+  default = "1.12.0"
 }
 
 
@@ -88,13 +88,13 @@ variable "kured_image_tag" {
 # helm search repo -l argo/argo-cd | head -n 20
 # * also update terraform/helm/argocd_default_values.yaml
 variable "argocd_chart_version" {
-  default = "5.13.6"
+  default = "5.19.11"
 }
 
 # https://hub.docker.com/r/argoproj/argocd/tags
 # * also update cli version: terraform/files/scripts/argocd_config.sh#L22
 variable "argocd_image_tag" {
-  default = "v2.5.2"
+  default = "v2.5.9"
 }
 #endregion Versions