From 23fa19386a38f8f82ed22123b022977f73fadf3d Mon Sep 17 00:00:00 2001 From: Terraform IBM Modules Operations Date: Sat, 20 Dec 2025 22:52:58 +0000 Subject: [PATCH] fix(deps): update dependencies --- README.md | 8 ++++---- common-dev-assets | 2 +- examples/obs-agent-iks/main.tf | 6 +++--- examples/obs-agent-ocp/main.tf | 8 ++++---- solutions/fully-configurable/main.tf | 2 +- solutions/fully-configurable/variables.tf | 8 ++++---- tests/go.mod | 4 ++-- tests/go.sum | 8 ++++---- tests/resources/main.tf | 6 +++--- variables.tf | 8 ++++---- 10 files changed, 30 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 58e3b0d..c388cb4 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ No modules. | [access\_key](#input\_access\_key) | Access key used by the agent to communicate with the instance. Either `access_key` or `existing_access_key_secret_name` is required. This value will be stored in a new secret on the cluster if passed. If you want to use this agent for only metrics or metrics with security and compliance, use a manager key scoped to the IBM Cloud Monitoring instance. If you only want to use the agent for security and compliance use a manager key scoped to the Security and Compliance Center Workload Protection instance. | `string` | `null` | no | | [add\_cluster\_name](#input\_add\_cluster\_name) | If true, configure the agent to associate a tag containing the cluster name. This tag is added in the format `ibm-containers-kubernetes-cluster-name: cluster_name`. | `bool` | `true` | no | | [agent\_image\_repository](#input\_agent\_image\_repository) | The image repository to pull the agent image from. | `string` | `"agent-slim"` | no | -| [agent\_image\_tag\_digest](#input\_agent\_image\_tag\_digest) | The image tag or digest of agent image to use. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `kernel_module_image_digest`. | `string` | `"14.3.0@sha256:281da13df130813a4f00171756046ac969150d36a9b0dd32a817d41502f19fe4"` | no | +| [agent\_image\_tag\_digest](#input\_agent\_image\_tag\_digest) | The image tag or digest of agent image to use. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `kernel_module_image_digest`. | `string` | `"14.3.1@sha256:1055002e0e8f88d62d62ea77a7383d44ef33e79ed6d07d3d6431a810421d30b7"` | no | | [agent\_limits\_cpu](#input\_agent\_limits\_cpu) | Specify CPU resource limits for the agent. For more info, see https://cloud.ibm.com/docs/monitoring?topic=monitoring-resource_requirements | `string` | `"1"` | no | | [agent\_limits\_memory](#input\_agent\_limits\_memory) | Specify memory resource limits for the agent. For more info, see https://cloud.ibm.com/docs/monitoring?topic=monitoring-resource_requirements | `string` | `"1024Mi"` | no | | [agent\_mode](#input\_agent\_mode) | The operational mode for the monitoring agent. [Learn more](https://docs.sysdig.com/en/docs/administration/configure-agent-modes/). | `string` | `null` | no | @@ -121,13 +121,13 @@ No modules. | [blacklisted\_ports](#input\_blacklisted\_ports) | To block network traffic and metrics from network ports, pass the list of ports from which you want to filter out any data. For more info, see https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_agent#ports | `list(number)` | `[]` | no | | [chart](#input\_chart) | The name of the Helm chart to deploy. Use `chart_location` to specify helm chart location. | `string` | `"sysdig-deploy"` | no | | [chart\_location](#input\_chart\_location) | The location of the agent helm chart. | `string` | `"https://charts.sysdig.com"` | no | -| [chart\_version](#input\_chart\_version) | The version of the agent helm chart to deploy. | `string` | `"1.99.3"` | no | +| [chart\_version](#input\_chart\_version) | The version of the agent helm chart to deploy. | `string` | `"1.99.5"` | no | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no | | [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agent in. | `string` | n/a | yes | | [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The resource group ID of the cluster. | `string` | n/a | yes | | [cluster\_shield\_deploy](#input\_cluster\_shield\_deploy) | Deploy the Cluster Shield component to provide runtime detection and policy enforcement for Kubernetes workloads. If enabled, a Kubernetes Deployment will be deployed to your cluster using helm. | `bool` | `true` | no | | [cluster\_shield\_image\_repository](#input\_cluster\_shield\_image\_repository) | The image repository to pull the Cluster Shield image from. | `string` | `"cluster-shield"` | no | -| [cluster\_shield\_image\_tag\_digest](#input\_cluster\_shield\_image\_tag\_digest) | The image tag or digest to pull for the Cluster Shield component. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`. | `string` | `"1.18.0@sha256:7483541416442fd5b81bdf2f6cc7905a9ae9f3e696929247e3b18889476d54df"` | no | +| [cluster\_shield\_image\_tag\_digest](#input\_cluster\_shield\_image\_tag\_digest) | The image tag or digest to pull for the Cluster Shield component. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`. | `string` | `"1.18.1@sha256:468b5b2347919c9e872996a876aff785663283d5fffbcd08629cf6011b35afc3"` | no | | [cluster\_shield\_limits\_cpu](#input\_cluster\_shield\_limits\_cpu) | Specify CPU resource limits for the cluster shield pods. | `string` | `"1500m"` | no | | [cluster\_shield\_limits\_memory](#input\_cluster\_shield\_limits\_memory) | Specify memory resource limits for the cluster shield pods. | `string` | `"1536Mi"` | no | | [cluster\_shield\_requests\_cpu](#input\_cluster\_shield\_requests\_cpu) | Specify CPU resource requests for the cluster shield pods. | `string` | `"500m"` | no | @@ -144,7 +144,7 @@ No modules. | [image\_registry\_namespace](#input\_image\_registry\_namespace) | The namespace within the image registry to pull all images from. | `string` | `"ext/sysdig"` | no | | [instance\_region](#input\_instance\_region) | The region of the IBM Cloud Monitoring instance that you want to send metrics to. The region value is used to construct the ingestion and api endpoints. If you are only using the agent for security and compliance monitoring, set this to the region of your IBM Cloud Security and Compliance Center Workload Protection instance. If you have both Cloud Monitoring and Security and Compliance Center Workload Protection instances, the instances must be connected and must be in the same region to use the same agent. | `string` | n/a | yes | | [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no | -| [kernel\_module\_image\_digest](#input\_kernel\_module\_image\_digest) | The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `agent_image_tag_digest`. Note: Only digest format is supported; image tag is not supported. | `string` | `"14.3.0@sha256:dd3279359d296e5e210ecca1287a8da3bf43d9fbb396f519bc7ec14f9126bf52"` | no | +| [kernel\_module\_image\_digest](#input\_kernel\_module\_image\_digest) | The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `agent_image_tag_digest`. Note: Only digest format is supported; image tag is not supported. | `string` | `"14.3.1@sha256:b7f7354d04850b7fe0cd58a9218c60070575a2946e986c6709b57f46a1b15069"` | no | | [kernel\_module\_image\_repository](#input\_kernel\_module\_image\_repository) | The image repository to pull the agent kernel module initContainer image from. | `string` | `"agent-kmodule"` | no | | [max\_surge](#input\_max\_surge) | The number of pods that can be created above the desired amount of daemonset pods during an update. If `max_surge` is set to null, the `max_surge` setting is ignored. The variable accepts absolute number or percentage value(e.g., '1' or '10%'). | `string` | `null` | no | | [max\_unavailable](#input\_max\_unavailable) | The maximum number of pods that can be unavailable during a DaemonSet rolling update. Accepts absolute number or percentage (e.g., '1' or '10%'). | `string` | `"1"` | no | diff --git a/common-dev-assets b/common-dev-assets index c712916..758c4b5 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit c712916bbbc7e10e40d23c0a6daf824351319329 +Subproject commit 758c4b5646a6348f0d35d910c85eac1b4f58b080 diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf index ad1effa..0805908 100644 --- a/examples/obs-agent-iks/main.tf +++ b/examples/obs-agent-iks/main.tf @@ -4,7 +4,7 @@ module "resource_group" { source = "terraform-ibm-modules/resource-group/ibm" - version = "1.4.6" + version = "1.4.7" # if an existing resource group is not set (null) create a new one using prefix resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null existing_resource_group_name = var.resource_group @@ -108,7 +108,7 @@ resource "time_sleep" "wait_operators" { module "cloud_monitoring" { source = "terraform-ibm-modules/cloud-monitoring/ibm" - version = "1.12.1" + version = "1.12.3" instance_name = "${var.prefix}-cloud-monitoring" resource_group_id = module.resource_group.resource_group_id resource_tags = var.resource_tags @@ -122,7 +122,7 @@ module "cloud_monitoring" { module "scc_wp" { source = "terraform-ibm-modules/scc-workload-protection/ibm" - version = "1.16.5" + version = "1.16.8" name = "${var.prefix}-scc-wp" resource_group_id = module.resource_group.resource_group_id region = var.region diff --git a/examples/obs-agent-ocp/main.tf b/examples/obs-agent-ocp/main.tf index c8c0238..8772bfd 100644 --- a/examples/obs-agent-ocp/main.tf +++ b/examples/obs-agent-ocp/main.tf @@ -4,7 +4,7 @@ module "resource_group" { source = "terraform-ibm-modules/resource-group/ibm" - version = "1.4.6" + version = "1.4.7" # if an existing resource group is not set (null) create a new one using prefix resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null existing_resource_group_name = var.resource_group @@ -71,7 +71,7 @@ locals { module "ocp_base" { source = "terraform-ibm-modules/base-ocp-vpc/ibm" - version = "3.75.3" + version = "3.75.6" resource_group_id = module.resource_group.resource_group_id region = var.region tags = var.resource_tags @@ -95,7 +95,7 @@ data "ibm_container_cluster_config" "cluster_config" { module "cloud_monitoring" { source = "terraform-ibm-modules/cloud-monitoring/ibm" - version = "1.12.1" + version = "1.12.3" instance_name = "${var.prefix}-cloud-monitoring" resource_group_id = module.resource_group.resource_group_id resource_tags = var.resource_tags @@ -109,7 +109,7 @@ module "cloud_monitoring" { module "scc_wp" { source = "terraform-ibm-modules/scc-workload-protection/ibm" - version = "1.16.5" + version = "1.16.8" name = "${var.prefix}-scc-wp" resource_group_id = module.resource_group.resource_group_id region = var.region diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index bb00392..e2e124e 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -16,7 +16,7 @@ locals { module "instance_crn_parser" { source = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser" - version = "1.3.5" + version = "1.3.7" crn = var.instance_crn } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 353e7ba..c0609b0 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -186,7 +186,7 @@ variable "chart_version" { description = "The version of the agent helm chart to deploy." type = string # This version is automatically managed by renovate automation - do not remove the registryUrl comment on next line - default = "1.99.3" # registryUrl: charts.sysdig.com + default = "1.99.5" # registryUrl: charts.sysdig.com nullable = false } @@ -215,7 +215,7 @@ variable "agent_image_tag_digest" { description = "The image tag or digest of agent image to use. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `kernel_module_image_digest`." type = string # This version is automatically managed by renovate automation - do not remove the datasource comment on next line - default = "14.3.0@sha256:281da13df130813a4f00171756046ac969150d36a9b0dd32a817d41502f19fe4" # datasource: icr.io/ext/sysdig/agent-slim + default = "14.3.1@sha256:1055002e0e8f88d62d62ea77a7383d44ef33e79ed6d07d3d6431a810421d30b7" # datasource: icr.io/ext/sysdig/agent-slim nullable = false } @@ -223,7 +223,7 @@ variable "kernel_module_image_digest" { description = "The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `agent_image_tag_digest`. Note: Only digest format is supported; image tag is not supported." type = string # This version is automatically managed by renovate automation - do not remove the datasource comment on next line - default = "14.3.0@sha256:dd3279359d296e5e210ecca1287a8da3bf43d9fbb396f519bc7ec14f9126bf52" # datasource: icr.io/ext/sysdig/agent-kmodule + default = "14.3.1@sha256:b7f7354d04850b7fe0cd58a9218c60070575a2946e986c6709b57f46a1b15069" # datasource: icr.io/ext/sysdig/agent-kmodule nullable = false validation { condition = can(regex("^\\d+\\.\\d+\\.\\d+@sha256:[a-f0-9]{64}$", var.kernel_module_image_digest)) @@ -388,7 +388,7 @@ variable "cluster_shield_image_tag_digest" { description = "The image tag or digest to pull for the Cluster Shield component. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`." type = string # This version is automatically managed by renovate automation - do not remove the datasource comment on next line - default = "1.18.0@sha256:7483541416442fd5b81bdf2f6cc7905a9ae9f3e696929247e3b18889476d54df" # datasource: icr.io/ext/sysdig/cluster-shield + default = "1.18.1@sha256:468b5b2347919c9e872996a876aff785663283d5fffbcd08629cf6011b35afc3" # datasource: icr.io/ext/sysdig/cluster-shield } variable "cluster_shield_image_repository" { diff --git a/tests/go.mod b/tests/go.mod index 0c70132..659f1e8 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -5,7 +5,7 @@ go 1.25.5 require ( github.com/gruntwork-io/terratest v0.54.0 github.com/stretchr/testify v1.11.1 - github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.64.0 + github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.64.1 ) require ( @@ -35,7 +35,7 @@ require ( github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.23.0 // indirect - github.com/go-openapi/errors v0.22.5 // indirect + github.com/go-openapi/errors v0.22.6 // indirect github.com/go-openapi/jsonpointer v0.21.1 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/loads v0.22.0 // indirect diff --git a/tests/go.sum b/tests/go.sum index d7a5dfb..f9b54fa 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -83,8 +83,8 @@ github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC0 github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= -github.com/go-openapi/errors v0.22.5 h1:Yfv4O/PRYpNF3BNmVkEizcHb3uLVVsrDt3LNdgAKRY4= -github.com/go-openapi/errors v0.22.5/go.mod h1:z9S8ASTUqx7+CP1Q8dD8ewGH/1JWFFLX/2PmAYNQLgk= +github.com/go-openapi/errors v0.22.6 h1:eDxcf89O8odEnohIXwEjY1IB4ph5vmbUsBMsFNwXWPo= +github.com/go-openapi/errors v0.22.6/go.mod h1:z9S8ASTUqx7+CP1Q8dD8ewGH/1JWFFLX/2PmAYNQLgk= github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic= github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= @@ -297,8 +297,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.64.0 h1:uaGN3RMlOpmkqCXPjlygPiCqnGhszYP6YU3rWWsp0wc= -github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.64.0/go.mod h1:HqX0S0Ue19y7TJRGR5+Np2Aq0xElgw3mM3zZCWwQc1I= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.64.1 h1:DTEreyr7dQQdAp36UbdjiZBS8C6BxVn9kpvR3ZqcV5s= +github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.64.1/go.mod h1:ZAjHMb7i4CWS+jiFbnbMGVBKMj9i6B4XmC6js94XlF4= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmccombs/hcl2json v0.6.4 h1:/FWnzS9JCuyZ4MNwrG4vMrFrzRgsWEOVi+1AyYUVLGw= github.com/tmccombs/hcl2json v0.6.4/go.mod h1:+ppKlIW3H5nsAsZddXPy2iMyvld3SHxyjswOZhavRDk= diff --git a/tests/resources/main.tf b/tests/resources/main.tf index ac0646c..176c501 100644 --- a/tests/resources/main.tf +++ b/tests/resources/main.tf @@ -4,7 +4,7 @@ module "resource_group" { source = "terraform-ibm-modules/resource-group/ibm" - version = "1.4.6" + version = "1.4.7" # if an existing resource group is not set (null) create a new one using prefix resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null existing_resource_group_name = var.resource_group @@ -71,7 +71,7 @@ locals { module "ocp_base" { source = "terraform-ibm-modules/base-ocp-vpc/ibm" - version = "3.75.3" + version = "3.75.6" resource_group_id = module.resource_group.resource_group_id region = var.region tags = var.resource_tags @@ -90,7 +90,7 @@ module "ocp_base" { module "cloud_monitoring" { source = "terraform-ibm-modules/cloud-monitoring/ibm" - version = "1.12.1" + version = "1.12.3" instance_name = "${var.prefix}-cloud-monitoring" resource_group_id = module.resource_group.resource_group_id resource_tags = var.resource_tags diff --git a/variables.tf b/variables.tf index b71bf6d..7624cd7 100644 --- a/variables.tf +++ b/variables.tf @@ -162,7 +162,7 @@ variable "chart_version" { description = "The version of the agent helm chart to deploy." type = string # This version is automatically managed by renovate automation - do not remove the registryUrl comment on next line - default = "1.99.3" # registryUrl: charts.sysdig.com + default = "1.99.5" # registryUrl: charts.sysdig.com nullable = false } @@ -191,7 +191,7 @@ variable "agent_image_tag_digest" { description = "The image tag or digest of agent image to use. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `kernel_module_image_digest`." type = string # This version is automatically managed by renovate automation - do not remove the datasource comment on next line - default = "14.3.0@sha256:281da13df130813a4f00171756046ac969150d36a9b0dd32a817d41502f19fe4" # datasource: icr.io/ext/sysdig/agent-slim + default = "14.3.1@sha256:1055002e0e8f88d62d62ea77a7383d44ef33e79ed6d07d3d6431a810421d30b7" # datasource: icr.io/ext/sysdig/agent-slim nullable = false } @@ -199,7 +199,7 @@ variable "kernel_module_image_digest" { description = "The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `agent_image_tag_digest`. Note: Only digest format is supported; image tag is not supported." type = string # This version is automatically managed by renovate automation - do not remove the datasource comment on next line - default = "14.3.0@sha256:dd3279359d296e5e210ecca1287a8da3bf43d9fbb396f519bc7ec14f9126bf52" # datasource: icr.io/ext/sysdig/agent-kmodule + default = "14.3.1@sha256:b7f7354d04850b7fe0cd58a9218c60070575a2946e986c6709b57f46a1b15069" # datasource: icr.io/ext/sysdig/agent-kmodule nullable = false validation { condition = can(regex("^\\d+\\.\\d+\\.\\d+@sha256:[a-f0-9]{64}$", var.kernel_module_image_digest)) @@ -393,7 +393,7 @@ variable "cluster_shield_image_tag_digest" { description = "The image tag or digest to pull for the Cluster Shield component. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`." type = string # This version is automatically managed by renovate automation - do not remove the datasource comment on next line - default = "1.18.0@sha256:7483541416442fd5b81bdf2f6cc7905a9ae9f3e696929247e3b18889476d54df" # datasource: icr.io/ext/sysdig/cluster-shield + default = "1.18.1@sha256:468b5b2347919c9e872996a876aff785663283d5fffbcd08629cf6011b35afc3" # datasource: icr.io/ext/sysdig/cluster-shield } variable "cluster_shield_image_repository" {