From f9b2e30ecb4737e7933235bd7ca55defd5a4fa76 Mon Sep 17 00:00:00 2001
From: Jugwan Eom
Date: Tue, 14 Nov 2023 01:38:47 +0000
Subject: [PATCH 01/10] tks-cluster: aws: update capa chart to v0.10.0
---
 tks-cluster/infra/aws/resources.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tks-cluster/infra/aws/resources.yaml b/tks-cluster/infra/aws/resources.yaml
index de288a5..b0390fb 100644
--- a/tks-cluster/infra/aws/resources.yaml
+++ b/tks-cluster/infra/aws/resources.yaml
@@ -11,7 +11,7 @@ spec:
 type: helmrepo
 repository: https://harbor.taco-cat.xyz/chartrepo/tks
 name: cluster-api-aws
- version: 0.8.3
+ version: 0.10.0
 releaseName: cluster-api-aws
 targetNamespace: argo
 values:
From 978dbc2f5ffdf1075c8035742ee45ea560bc763e Mon Sep 17 00:00:00 2001
From: Jugwan Eom
Date: Fri, 24 Nov 2023 07:33:14 +0000
Subject: [PATCH 02/10] lma: fix etcd servicemonitor
---
 lma/base/resources.yaml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml
index 20dca34..3c93e5d 100644
--- a/lma/base/resources.yaml
+++ b/lma/base/resources.yaml
@@ -209,12 +209,7 @@ spec:
 endpoints: []
 serviceMonitor:
 interval: TO_BE_FIXED
- caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
- certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client
- insecureSkipVerify: false
- keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
- scheme: https
- serverName: localhost
+ scheme: http
 kubeScheduler:
 enabled: false
 kubeProxy:
From 900a81be2772a2b43df49da280ab1e2651a9708a Mon Sep 17 00:00:00 2001
From: "taekyu.kang"
Date: Mon, 15 Jan 2024 10:39:11 +0900
Subject: [PATCH 03/10] resolve conflict
---
 tks-cluster/infra/aws/resources.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tks-cluster/infra/aws/resources.yaml b/tks-cluster/infra/aws/resources.yaml
index b0390fb..f6bc7a4 100644
--- a/tks-cluster/infra/aws/resources.yaml
+++ b/tks-cluster/infra/aws/resources.yaml
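Review bot: In PATCH 02/10 (lma/base/resources.yaml, the etcd `serviceMonitor` block), replacing `scheme: https` with `scheme: http` and dropping `caFile`/`certFile`/`keyFile`/`serverName` means Prometheus now scrapes etcd with no TLS and no client authentication. That only works if etcd serves metrics on a separate plaintext listener (its `--listen-metrics-urls` option), which this hunk does not show; if it does, that port should be reachable only from the monitoring components, because anything that can reach it can read etcd's metrics unauthenticated. I would record the assumption next to the key, for example `# scraped from etcd's plaintext --listen-metrics-urls port; keep that port restricted to Prometheus`. The enclosing mapping starts above the hunk, so the endpoint port itself is not visible here.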
@@ -11,7 +11,7 @@ spec:
 type: helmrepo
 repository: https://harbor.taco-cat.xyz/chartrepo/tks
 name: cluster-api-aws
- version: 0.10.0
+ version: 0.10.1
 releaseName: cluster-api-aws
 targetNamespace: argo
 values:
From d0c6926311c57eb18425315755d270c801bc254b Mon Sep 17 00:00:00 2001
From: sungil
Date: Wed, 21 Feb 2024 02:44:15 +0000
Subject: [PATCH 04/10] fluent-operator: bump up operator to support more input methods
---
 lma/base/resources.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml
index 89616a6..f688661 100644
--- a/lma/base/resources.yaml
+++ b/lma/base/resources.yaml
@@ -621,7 +621,7 @@ spec:
 type: helmrepo
 repository: https://harbor.taco-cat.xyz/chartrepo/tks
 name: fluent-operator
- version: 1.7.0
+ version: 2.7.0
 skipDepUpdate: true
 origin: https://openinfradev.github.io/helm-repo
 releaseName: fluent-operator-crds
@@ -641,7 +641,7 @@ spec:
 origin: https://openinfradev.github.io/helm-repo
 repository: https://harbor.taco-cat.xyz/chartrepo/tks
 name: fluent-operator
- version: 1.7.0
+ version: 2.7.0
 skipDepUpdate: true
 releaseName: fluent-operator
 targetNamespace: lma
@@ -649,10 +649,10 @@ spec:
 operator:
 initcontainer:
 repository: harbor.taco-cat.xyz/tks/docker
- tag: 19.03
+ tag: "20.10"
 container:
 repository: harbor.taco-cat.xyz/tks/fluent-operator
- tag: v1.5.0
+ tag: "v2.7.0"
 # FluentBit operator resources. Usually user needn't to adjust these.
 resources:
 limits:
@@ -662,9 +662,10 @@ spec:
 cpu: 100m
 memory: 20Mi
 fluentbit:
+ enable: false
 image:
 repository: harbor.taco-cat.xyz/tks/fluent-bit
- tag: v1.9.7-debug
+ tag: v2.2.0
 wait: true
 ---
 apiVersion: helm.fluxcd.io/v1
@@ -692,7 +693,7 @@ spec:
 tag: v0.1.1
 fluentbit:
 repository: harbor.taco-cat.xyz/tks/fluent-bit
- tag: v2.1.4
+ tag: v2.2.0
 elasticsearchTemplates:
 repository: harbor.taco-cat.xyz/tks/curl
 tag: latest
From 44bc9577d767bdcf2f0c33e03e56e4fbcdb25802 Mon Sep 17 00:00:00 2001
From: sungil
Date: Tue, 16 Apr 2024 08:53:24 +0000
Subject: [PATCH 05/10] fluentbit: does not support alert anymore
---
 lma/base/resources.yaml | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml
index f688661..ecfe06b 100644
--- a/lma/base/resources.yaml
+++ b/lma/base/resources.yaml
@@ -722,13 +722,7 @@ spec:
 outputs: { }
 targetLogs: [ ]
 alerts:
- enabled: true
- namespace: taco-system
- message: |-
- {{ $labels.container }} in {{ $labels.pod }} ({{ $labels.taco_cluster }}/{{ $labels.namespace }} ) generate a error due to log = {{ $labels.log }}
- summary: |-
- {{ $labels.container }} in {{ $labels.pod }} ({{ $labels.taco_cluster }}/{{ $labels.namespace }} ) generate a error
- rules: [ ]
+ enabled: false
 clusterName: TO_BE_FIXED
 exclude:
 - key: $kubernetes['container_name']
From 87d01b46931fa1029baaf70f5d643735c877fc5a Mon Sep 17 00:00:00 2001
From: sungil
Date: Wed, 24 Apr 2024 06:26:13 +0000
Subject: [PATCH 06/10] opa-exporter: add exporter for opa
---
 lma/base/resources.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml
index ecfe06b..991e78e 100644
--- a/lma/base/resources.yaml
+++ b/lma/base/resources.yaml
@@ -1245,3 +1245,26 @@ spec:
 s3:
 enabled: true
 buckets: [ ]
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+ labels:
+ name: opa-exporter
+ name: opa-exporter
+spec:
+ helmVersion: v3
+ chart:
+ type: helmrepo
+ repository: https://harbor.taco-cat.xyz/chartrepo/tks
+ name: tks/opa-scorecard
+ version: 0.1.0
+ releaseName: opa-exporter
+ targetNamespace: taco-system
+ values:
+ gatekeeper:
+ namespace: gatekeeper-system
+ metrics:
+ podmonitor: true
+ servicemonitor:
+ enabled: true
\ No newline at end of file
From 16524773fbff313a175b05129dc88cb250c8ab70 Mon Sep 17 00:00:00 2001
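Review bot: In PATCH 05/10, setting `alerts.enabled: false` and deleting `message`, `summary` and `rules` turns off the log-based error alerts, and nothing in the hunk says what replaces them. If the conditions they covered are now alerted on elsewhere, note that beside the key, for example `# log alerts no longer supported by the chart; replaced by <rule location>` with the real location filled in. If nothing replaces them, the commit message should say that this detection is being dropped on purpose. The `alerts:` mapping sits inside a larger values block that begins above the hunk.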
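Review bot: In PATCH 06/10, the new opa-exporter release sets both `podmonitor: true` and `servicemonitor.enabled: true`. The chart templates are not visible here, but if each switch creates its own monitor for the same metrics port, Prometheus would scrape every exporter pod twice and the constraint-violation series would be duplicated. Keep one of the two, or add a comment such as `# both monitors required: <reason>`. The file also now ends without a trailing newline (`\ No newline at end of file`), which is worth restoring.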
From: "taekyu.kang"
Date: Thu, 25 Apr 2024 22:10:55 +0900
Subject: [PATCH 07/10] trivial. fix typo
---
 lma/base/resources.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml
index 991e78e..87ae8f0 100644
--- a/lma/base/resources.yaml
+++ b/lma/base/resources.yaml
@@ -1257,7 +1257,7 @@ spec:
 chart:
 type: helmrepo
 repository: https://harbor.taco-cat.xyz/chartrepo/tks
- name: tks/opa-scorecard
+ name: opa-scorecard
 version: 0.1.0
 releaseName: opa-exporter
 targetNamespace: taco-system
From 9e0ee928486b4e610b453f9fb8f9faeaa0aabe3e Mon Sep 17 00:00:00 2001
From: sungil
Date: Fri, 26 Apr 2024 03:24:37 +0000
Subject: [PATCH 08/10] policy-serving: change the namespace for decapod randering
---
 lma/base/resources.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml
index 991e78e..7a625c7 100644
--- a/lma/base/resources.yaml
+++ b/lma/base/resources.yaml
@@ -1237,7 +1237,7 @@ spec:
 name: ack-resources
 version: v1.0.2
 releaseName: lma-bucket
- targetNamespace: taco-system
+ targetNamespace: lma
 values:
 tks:
 iamRoles: [] #arn:aws:iam::482246953094:role/control-plane.cluster-api-provider-aws.sigs.k8s.io
From dc5af5c80fd139d5d6a4640e50fbb6dc72d75150 Mon Sep 17 00:00:00 2001
From: sungil
Date: Thu, 2 May 2024 14:48:17 +0000
Subject: [PATCH 09/10] typo-fix: policy-serving: change the namespace for decapod randering
---
 lma/base/resources.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml
index 46b8822..bb307d7 100644
--- a/lma/base/resources.yaml
+++ b/lma/base/resources.yaml
@@ -1237,7 +1237,7 @@ spec:
 name: ack-resources
 version: v1.0.2
 releaseName: lma-bucket
- targetNamespace: lma
+ targetNamespace: taco-system
 values:
 tks:
 iamRoles: [] #arn:aws:iam::482246953094:role/control-plane.cluster-api-provider-aws.sigs.k8s.io
@@ -1260,7 +1260,7 @@ spec:
 name: opa-scorecard
 version: 0.1.0
 releaseName: opa-exporter
- targetNamespace: taco-system
+ targetNamespace: lma
 values:
 gatekeeper:
 namespace: gatekeeper-system
From e2a4fe3bc01ed119fb49e4230858591f6916a4db Mon Sep 17 00:00:00 2001
From: sungil
Date: Mon, 6 May 2024 06:26:57 +0000
Subject: [PATCH 10/10] policy-serving: enable to log denies
---
 policy/base/resources.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/base/resources.yaml b/policy/base/resources.yaml
index b846bf7..735dbdf 100644
--- a/policy/base/resources.yaml
+++ b/policy/base/resources.yaml
@@ -16,6 +16,7 @@ spec:
 releaseName: opa-gatekeeper
 targetNamespace: gatekeeper-system
 values:
+ logDenies: true
 enableDeleteOperations: true
 ---
 apiVersion: helm.fluxcd.io/v1
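Review bot: In PATCH 10/10, the added `logDenies: true` has no comment, and the hunk does not show where the resulting log entries end up. With it set, Gatekeeper logs each denied admission request, including the requesting user, the resource and the constraint that fired, so these entries are the audit trail for policy violations. I would document it in place, e.g. `# log every denied admission request (requester, resource, constraint) for audit`. Also confirm that logs from `gatekeeper-system` are collected and retained by the logging stack, since the flag is of little use if they are not shipped.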