feat(addons): bump 9 charts across major versions to current#36
Merged
Conversation
The cross-major half of the eks-gitops catalog version-currency bump. Each researched against the real upstream changelogs + chart values diffs, then helm-template-validated at the new version with the eks-gitops values (the appsets reference remote charts, so this render is the schema gate — CI's task validate covers structure only). Key per-env settings confirmed to still bind (no silent drop from a rename). Pure version bumps — values already schema-compatible, render + bindings verified: - external-secrets 0.17.0 -> 2.6.0 (IRSA SA annotation binds; image registry default moved to ghcr.io) - prometheus-operator-crds 19.1.0 -> 29.0.0 (CRDs-only, additive) - loki 6.29.0 -> 7.0.0 - velero 11.3.2 -> 12.0.2 - argo-workflows 0.45.1 -> 1.0.14 (app v3.6 -> v4.0) - aws-load-balancer-controller 1.14.1 -> 3.4.0 - goldilocks 9.2.0 -> 10.3.0 Bumped + values migrated (the edits also fix pre-existing silently-dropped keys surfaced by the research): - opencost 1.42.2 -> 2.5.22: removed the dead exporter.aws.spot_data_region; collapsed the invalid per-component exporter/ui tolerations into the chart's global opencost.tolerations — so the CriticalAddonsOnly toleration actually applies now (it never did before, wrong path). - falco 8.0.1 -> 9.0.0: removed the grpc / grpc_output blocks (gone in 9.0 — use falcosidekick for an output sink) and the invalid syscall_drop_failed_exit; fixed the driver ring-buffer keys to camelCase (modernEbpf/cpusForEachBuffer/bufSizePreset) and falco.libs -> falco.falco_libs, so that tuning binds now (base + production). Completes the eks-gitops side of the kx#6 currency reconcile (eks-gitops was a full major behind kx on the original 4). kx pins to these versions in a paired change. Closes #6
CI Results
All validations passed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The cross-major half of the eks-gitops catalog version-currency bump (the catalog had drifted — eks-gitops was a full major behind kx on the original kx#6 four). Each was researched against the real upstream changelogs + chart
values.yamldiffs, then helm-template-validated at the new version with the eks-gitops values, with key per-env settings confirmed to still bind (no silent drop).Pure version bumps (values already schema-compatible):
external-secrets
0.17→2.6(IRSA annotation binds; image default moved to ghcr.io), prometheus-operator-crds19→29(CRDs, additive), loki6.29→7.0, velero11.3→12.0, argo-workflows0.45→1.0(app v3.6→v4.0), aws-load-balancer-controller1.14→3.4, goldilocks9.2→10.3.Bumped + values migrated (the edits also fix pre-existing silently-dropped keys the research surfaced):
1.42→2.5— removed deadexporter.aws.spot_data_region; collapsed the invalid per-componentexporter/uitolerations into the chart's globalopencost.tolerations, so the CriticalAddonsOnly toleration now actually applies (it was on a wrong path before).8.0→9.0— removed thegrpc/grpc_outputblocks (gone in 9.0) + invalidsyscall_drop_failed_exit; fixed the driver ring-buffer keys to camelCase (modernEbpf/cpusForEachBuffer/bufSizePreset) andfalco.libs→falco.falco_libs, so that tuning now binds (base + production).Verification
helm templateclean at the new version with the eks-gitops values; spot-checked bindings: external-secrets IRSA annotation ✓, opencost toleration now binds ✓, falcomodernEbpfconfig binds ✓ (no grpc).task validatepasses; no account IDs in the diff.Resolves the eks-gitops side of nanohype/kx#6 (kx pins to these versions in a paired change; I'll close kx#6 once both land).