chore: Update crowdsec
parent
082702bc29
commit
beb0a45ae6
@ -6,4 +6,3 @@ resources:
|
|||||||
- secrets.yaml
|
- secrets.yaml
|
||||||
- repository.yaml
|
- repository.yaml
|
||||||
- release.yaml
|
- release.yaml
|
||||||
|
|
||||||
|
@ -30,10 +30,19 @@ spec:
|
|||||||
podName: traefik-*
|
podName: traefik-*
|
||||||
# as in crowdsec configuration, we need to specify the program name to find a matching parser
|
# as in crowdsec configuration, we need to specify the program name to find a matching parser
|
||||||
program: traefik
|
program: traefik
|
||||||
|
poll_without_inotify: true
|
||||||
env:
|
env:
|
||||||
|
- name: PARSERS
|
||||||
|
value: "crowdsecurity/cri-logs"
|
||||||
- name: COLLECTIONS
|
- name: COLLECTIONS
|
||||||
value: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/http-dos crowdsecurity/base-http-scenarios"
|
value: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/http-dos crowdsecurity/http-cve"
|
||||||
lapi:
|
lapi:
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
|
additionalLabels:
|
||||||
|
release: kube-prometheus-stack
|
||||||
env:
|
env:
|
||||||
# To enroll the Security Engine to the console
|
# To enroll the Security Engine to the console
|
||||||
- name: ENROLL_KEY
|
- name: ENROLL_KEY
|
||||||
|
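Review bot: The two `COLLECTIONS` values differ only in their last entry, and if the second one is the new side, `crowdsecurity/base-http-scenarios` is no longer installed explicitly. It is worth confirming that `crowdsecurity/traefik` still pulls that collection in as a dependency, because otherwise the generic probing, crawl and bad-user-agent scenarios stop loading without any error. A comment above the value would record the intent, for example `# base-http-scenarios comes in via crowdsecurity/traefik; http-cve added explicitly`. The page has lost the +/- markers and the indentation, so which side is new is inferred from print order only.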
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: cloudflare-ip-header
|
||||||
|
namespace: traefik
|
||||||
|
spec:
|
||||||
|
headers:
|
||||||
|
customRequestHeaders:
|
||||||
|
X-Forwarded-For: "{Cf-Connecting-Ip}"
|
||||||
|
|
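Review bot: The value `X-Forwarded-For: "{Cf-Connecting-Ip}"` is probably not substituted, since Traefik's headers middleware writes `customRequestHeaders` values verbatim as far as I know. Every request would then carry the literal string instead of a client address, so the rendered header should be checked on a test route before CrowdSec decisions depend on it. Even with a mechanism that does copy the header, `Cf-Connecting-Ip` is client-controlled on any request that did not pass through Cloudflare, so the copy is only sound when the origin accepts traffic from Cloudflare ranges exclusively. The `trustedIPs` list added to the Traefik values in this same commit already lets Traefik trust the forwarded chain from Cloudflare, which may make this middleware unnecessary. If it stays, a comment such as `# requires origin firewalled to Cloudflare ranges; header is spoofable otherwise` should sit above `customRequestHeaders`.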
@ -3,4 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- crowdsec-bouncer.yaml
|
- crowdsec-bouncer.yaml
|
||||||
|
- cloudflare-ip-header.yaml
|
||||||
|
|
||||||
|
@ -60,6 +60,32 @@ spec:
|
|||||||
websecure:
|
websecure:
|
||||||
middlewares:
|
middlewares:
|
||||||
- traefik-bouncer@kubernetescrd
|
- traefik-bouncer@kubernetescrd
|
||||||
|
- traefik-cloudflare-ip-header@kubernetescrd
|
||||||
|
trustedIPs:
|
||||||
|
# https://www.cloudflare.com/ips-v4/#
|
||||||
|
- 173.245.48.0/20
|
||||||
|
- 103.21.244.0/22
|
||||||
|
- 103.22.200.0/22
|
||||||
|
- 103.31.4.0/22
|
||||||
|
- 141.101.64.0/18
|
||||||
|
- 108.162.192.0/18
|
||||||
|
- 190.93.240.0/20
|
||||||
|
- 188.114.96.0/20
|
||||||
|
- 197.234.240.0/22
|
||||||
|
- 198.41.128.0/17
|
||||||
|
- 162.158.0.0/15
|
||||||
|
- 104.16.0.0/13
|
||||||
|
- 104.24.0.0/14
|
||||||
|
- 172.64.0.0/13
|
||||||
|
- 131.0.72.0/22
|
||||||
|
# https://www.cloudflare.com/ips-v6/#
|
||||||
|
- 2400:cb00::/32
|
||||||
|
- 2606:4700::/32
|
||||||
|
- 2803:f800::/32
|
||||||
|
- 2405:b500::/32
|
||||||
|
- 2405:8100::/32
|
||||||
|
- 2a06:98c0::/29
|
||||||
|
- 2c0f:f248::/32
|
||||||
port: 443
|
port: 443
|
||||||
http3:
|
http3:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
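Review bot: In the `websecure` middlewares list, `traefik-bouncer@kubernetescrd` is listed before `traefik-cloudflare-ip-header@kubernetescrd`, and entrypoint middlewares run in listed order. If the bouncer reads the client address from `X-Forwarded-For` (its configuration is not visible here), it sees the Cloudflare edge address rather than the visitor, and a ban could then hit a shared edge IP. The suggested order is `- traefik-cloudflare-ip-header@kubernetescrd` followed by `- traefik-bouncer@kubernetescrd`. The hard-coded Cloudflare ranges under `trustedIPs` will drift as Cloudflare updates them, so a comment recording when they were copied would help, for example `# copied from cloudflare.com/ips-v4 and ips-v6 on <date>; re-check periodically`. Indentation is lost on this page, so I could not confirm that `trustedIPs` sits under the key the chart expects.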