@renovate renovate bot commented May 21, 2025

This PR contains the following updates:

Package | Type | Update | Change
kubernetes (source) | required_provider | patch | 2.37.0 -> 2.37.1

Release Notes

hashicorp/terraform-provider-kubernetes (kubernetes)

v2.37.1

BUG FIXES:

  • Fixes issue #2732 where the provider would fail when used with Terraform >= v1.12.1 due to missing GetResourceIdentitySchemas implementation. [GH-2732]

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions bot commented May 21, 2025


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.k8s.module.cluster.helm_release.cilium will be updated in-place
  ~ resource "helm_release" "cilium" {
        id                         = "cilium"
      ~ metadata                   = [
          - {
              - app_version    = "1.17.4"
              - chart          = "cilium"
              - first_deployed = 1747600014
              - last_deployed  = 1748123176
              - name           = "cilium"
              - namespace      = "kube-system"
              - notes          = <<-EOT
                    You have successfully installed Cilium with Hubble.
                    
                    Your release version is 1.17.4.
                    
                    For any further help, visit https://docs.cilium.io/en/v1.17/gettinghelp
                EOT
              - revision       = 4
              - values         = jsonencode(
                    {
                      - cgroup               = {
                          - autoMount = {
                              - enabled = false
                            }
                          - hostRoot  = "/sys/fs/cgroup"
                        }
                      - encryption           = {
                          - enabled = true
                          - type    = "wireguard"
                        }
                      - envoy                = {
                          - enabled         = true
                          - securityContext = {
                              - capabilities = {
                                  - envoy                 = [
                                      - "NET_ADMIN",
                                      - "SYS_ADMIN",
                                      - "NET_BIND_SERVICE",
                                    ]
                                  - keepCapNetBindService = true
                                }
                            }
                        }
                      - gatewayAPI           = {
                          - enableAlpn        = true
                          - enableAppProtocol = true
                          - enabled           = true
                          - hostNetwork       = {
                              - enabled = true
                            }
                        }
                      - ipam                 = {
                          - mode = "kubernetes"
                        }
                      - k8sServiceHost       = "localhost"
                      - k8sServicePort       = 7445
                      - kubeProxyReplacement = true
                      - securityContext      = {
                          - capabilities = {
                              - ciliumAgent      = [
                                  - "CHOWN",
                                  - "KILL",
                                  - "NET_ADMIN",
                                  - "NET_RAW",
                                  - "IPC_LOCK",
                                  - "SYS_ADMIN",
                                  - "SYS_RESOURCE",
                                  - "DAC_OVERRIDE",
                                  - "FOWNER",
                                  - "SETGID",
                                  - "SETUID",
                                ]
                              - cleanCiliumState = [
                                  - "NET_ADMIN",
                                  - "SYS_ADMIN",
                                  - "SYS_RESOURCE",
                                ]
                            }
                        }
                    }
                )
              - version        = "1.17.4"
            },
        ] -> (known after apply)
        name                       = "cilium"
      ~ status                     = "failed" -> "deployed"
      ~ values                     = [
          ~ <<-EOT
                # Values documented at https://artifacthub.io/packages/helm/cilium/cilium/1.17.4
                
                # namespaceOverride: cilium-system # default is kube-system
                
                # Docs for cilium on talos at https://www.talos.dev/v1.10/kubernetes-guides/network/deploying-cilium/#with-kube-proxy
                ipam:
                  mode: kubernetes
                kubeProxyReplacement: true
                securityContext:
                  capabilities:
                    ciliumAgent:
                      - CHOWN
                      - KILL
                      - NET_ADMIN
                      - NET_RAW
                      - IPC_LOCK
                      # - SYS_MODULE # "As Talos does not allow loading Kernel modules by Kubernetes workloads, SYS_MODULE needs to be dropped from the Cilium default capability list."
                      - SYS_ADMIN
                      - SYS_RESOURCE
                      - DAC_OVERRIDE
                      - FOWNER
                      - SETGID
                      - SETUID
                    cleanCiliumState:
                      - NET_ADMIN
                      - SYS_ADMIN
                      - SYS_RESOURCE
                cgroup:
                  autoMount:
                    enabled: false
                  hostRoot: /sys/fs/cgroup
                k8sServiceHost: localhost
                k8sServicePort: 7445
                # ---
              + # Enabling IPv6
              + # TODO: Enable this once we have IPv6 support in the cluster (talos)
              + # More info at https://docs.cilium.io/en/stable/helm-reference/
              + # ipv6:
              + #   enabled: true
              + # ---
                encryption:
                  enabled: true # This enabled encryption for pod-to-pod traffic
                  type: wireguard
                  # Node Encryption is not useful to add, since "Cilium automatically disables node-to-node encryption from and to Kubernetes control-plane nodes"
                  # More info at https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#node-to-node-encryption-beta
                  # nodeEncryption: true
                # ---
                # Enabling gatewayAPI
                # Using hostNetwork mode removes the need for separate loadbalancer
                # More info at https://docs.cilium.io/en/stable/network/servicemesh/gateway-api/gateway-api/#host-network-mode
                gatewayAPI:
                  enabled: true
                  hostNetwork:
                    enabled: true
                  # ALPN will attempt HTTP/2, then HTTP 1.1.
                  # Note that this will also enable appProtocol support, and services that wish to use HTTP/2 will need to indicate that via their `appProtocol`.
                  enableAlpn: true
                  enableAppProtocol: true
                # Enabling dedicated envoy daemonset for the gateway listener
                # The additional capabilities are required for gateways to listen on privileged ports
                # More info at https://docs.cilium.io/en/stable/network/servicemesh/gateway-api/gateway-api/#bind-to-privileged-port
                envoy:
                  enabled: true
                  securityContext:
                    capabilities:
                      keepCapNetBindService: true
                      envoy:
                        - NET_ADMIN
                        - SYS_ADMIN
                        - NET_BIND_SERVICE
            EOT,
        ]
        # (25 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
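
Review bot: the plan's only change is to module.k8s.module.cluster.helm_release.cilium (`~ status = "failed" -> "deployed"` and the added `# Enabling IPv6` comment block in `values`), which is not something a patch bump of the kubernetes provider from 2.37.0 to 2.37.1 accounts for. The `failed` status indicates the last Helm operation on the cilium release did not complete, and since the added lines are all YAML comments the rendered values should be unchanged, so this looks like pre-existing drift that will be applied as a side effect of merging. Suggest finding out why the release is in `failed` state and applying the cilium change on its own first, then re-running the plan here so the provider bump shows no resource changes.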

@renovate renovate bot force-pushed the renovate/kubernetes-2.x branch 11 times, most recently from d92b698 to 8b3edda Compare May 25, 2025 03:13
@renovate renovate bot force-pushed the renovate/kubernetes-2.x branch from 8b3edda to 464ca67 Compare May 28, 2025 09:22
@thetillhoff thetillhoff merged commit a8e2374 into main May 28, 2025
2 checks passed
@thetillhoff thetillhoff deleted the renovate/kubernetes-2.x branch May 28, 2025 09:24