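---
# Flux HelmRelease that installs the CrowdSec chart (agent + LAPI) and points
# the agent at the Traefik pods' logs.
# https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/kubernetes
# https://docs.crowdsec.net/u/getting_started/installation/kubernetes/
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: crowdsec
  namespace: flux-system
spec:
  interval: 10m
  releaseName: crowdsec
  # The release object lives in flux-system but the workload is deployed
  # into the crowdsec namespace.
  targetNamespace: crowdsec
  chart:
    spec:
      chart: crowdsec
      # NOTE(review): no chart version is set, so Flux tracks the latest
      # version the HelmRepository serves and can upgrade on any reconcile.
      # Pin `version` to a reviewed release to keep upgrades deliberate.
      sourceRef:
        kind: HelmRepository
        name: crowdsec
        namespace: flux-system
      interval: 10m
  values:
    # for raw logs format: json or cri (docker|containerd)
    container_runtime: containerd
    agent:
      # Specify each pod whose logs you want to process
      acquisition:
        # The namespace where the pod is located
        - namespace: traefik
          # The pod name
          podName: traefik-*
          # as in crowdsec configuration, we need to specify the program name
          # to find a matching parser
          program: traefik
      env:
        # Space-separated hub collections (parsers and scenarios) for the agent.
        - name: COLLECTIONS
          value: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/http-dos crowdsecurity/base-http-scenarios"
    lapi:
      env:
        # To enroll the Security Engine to the console
        # The enrollment key is read from a Secret instead of being inlined
        # in this manifest. Presumably the Secret `crowdsec` has to exist in
        # the namespace where the LAPI pod runs (targetNamespace above);
        # confirm, and keep it out of the repository in plain text.
        - name: ENROLL_KEY
          valueFrom:
            secretKeyRef:
              name: crowdsec
              key: crowdsec-enroll-key
        - name: ENROLL_INSTANCE_NAME
          value: "dolo"
        - name: ENROLL_TAGS
          value: "k8s linux dolo"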