feat(addons): bump 9 charts across major versions to current

addons/observability/opencost/values.yaml

@@ -3,18 +3,13 @@
 opencost:
   exporter:
     defaultClusterId: eks
-    aws:
-      spot_data_region: us-west-2
     resources:
       requests:
         cpu: 50m
         memory: 128Mi
       limits:
         cpu: 200m
         memory: 256Mi
-    tolerations:
-      - key: CriticalAddonsOnly
-        operator: Exists
   ui:
     enabled: true
     resources:
@@ -24,6 +19,9 @@ opencost:
       limits:
         cpu: 100m
         memory: 128Mi
-    tolerations:
-      - key: CriticalAddonsOnly
-        operator: Exists
+  # Single deployment (exporter + ui), so tolerations live at opencost.tolerations
+  # — the previous per-component exporter/ui tolerations sat on invalid paths and
+  # were silently dropped, so CriticalAddonsOnly never actually applied until now.
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists

addons/security/falco/values-production.yaml

@@ -8,5 +8,5 @@ resources:
     memory: 4Gi
 
 driver:
-  modern_ebpf:
-    cpus_for_each_buffer: 8
+  modernEbpf:
+    cpusForEachBuffer: 8

addons/security/falco/values.yaml

@@ -2,23 +2,21 @@
 
 driver:
   kind: modern_ebpf
-  modern_ebpf:
-    cpus_for_each_buffer: 4
-    buf_size_preset: 4
+  # camelCase keys — the previous snake_case (modern_ebpf/cpus_for_each_buffer/
+  # buf_size_preset) sat on invalid paths and were silently dropped, so this
+  # ring-buffer tuning did not apply until now.
+  modernEbpf:
+    cpusForEachBuffer: 4
+    bufSizePreset: 4
 
 falco:
-  grpc:
-    enabled: true
-    bind_address: "unix:///run/falco/falco.sock"
-  grpc_output:
-    enabled: true
   json_output: true
   log_stderr: true
   log_syslog: false
   priority: warning
   rule_matching: first
-  syscall_drop_failed_exit: true
-  libs:
+  # falco_libs (not libs) is the real config key for libsinspector tuning.
+  falco_libs:
     thread_table_auto_purging_interval_s: 120
     thread_table_auto_purging_thread_timeout_s: 120
 

applicationsets/addons-argo-platform.yaml

@@ -35,7 +35,7 @@ spec:
                   namespace: argo-workflows
                   chartRepo: https://argoproj.github.io/argo-helm
                   chart: argo-workflows
-                  chartVersion: "0.45.1"
+                  chartVersion: "1.0.14"
                   path: addons/argo-platform/argo-workflows
                   syncWave: "52"
   template:

applicationsets/addons-bootstrap.yaml

@@ -28,14 +28,14 @@ spec:
                   namespace: external-secrets
                   chartRepo: https://charts.external-secrets.io
                   chart: external-secrets
-                  chartVersion: "0.17.0"
+                  chartVersion: "2.6.0"
                   path: addons/bootstrap/external-secrets
                   syncWave: "0"
                 - appName: prometheus-operator-crds
                   namespace: monitoring
                   chartRepo: https://prometheus-community.github.io/helm-charts
                   chart: prometheus-operator-crds
-                  chartVersion: "19.1.0"
+                  chartVersion: "29.0.0"
                   path: addons/bootstrap/prometheus-operator-crds
                   syncWave: "0"
                 - appName: metrics-server

applicationsets/addons-networking.yaml

@@ -28,7 +28,7 @@ spec:
                   namespace: kube-system
                   chartRepo: https://aws.github.io/eks-charts
                   chart: aws-load-balancer-controller
-                  chartVersion: "1.14.1"
+                  chartVersion: "3.4.0"
                   path: addons/networking/aws-load-balancer-controller
                   syncWave: "1"
                 - appName: external-dns

applicationsets/addons-observability.yaml

@@ -21,7 +21,7 @@ spec:
                   namespace: monitoring
                   chartRepo: https://grafana.github.io/helm-charts
                   chart: loki
-                  chartVersion: 6.29.0
+                  chartVersion: 7.0.0
                   path: addons/observability/loki
                   syncWave: "30"
                 - appName: tempo
@@ -42,7 +42,7 @@ spec:
                   namespace: opencost
                   chartRepo: https://opencost.github.io/opencost-helm-chart
                   chart: opencost
-                  chartVersion: "1.42.2"
+                  chartVersion: "2.5.22"
                   path: addons/observability/opencost
                   syncWave: "33"
                 - appName: grafana-operator

applicationsets/addons-operations-helm.yaml

@@ -21,7 +21,7 @@ spec:
                   namespace: velero
                   chartRepo: https://vmware-tanzu.github.io/helm-charts
                   chart: velero
-                  chartVersion: 11.3.2
+                  chartVersion: 12.0.2
                   path: addons/operations/velero
                   syncWave: "40"
                 - appName: vpa
@@ -35,7 +35,7 @@ spec:
                   namespace: goldilocks
                   chartRepo: https://charts.fairwinds.com/stable
                   chart: goldilocks
-                  chartVersion: 9.2.0
+                  chartVersion: 10.3.0
                   path: addons/operations/goldilocks
                   syncWave: "42"
                 - appName: descheduler

applicationsets/addons-security.yaml

@@ -35,7 +35,7 @@ spec:
                   namespace: falco
                   chartRepo: https://falcosecurity.github.io/charts
                   chart: falco
-                  chartVersion: 8.0.1
+                  chartVersion: 9.0.0
                   path: addons/security/falco
                   syncWave: "12"
   template: