fixes

2025-12-09 12:14:57 +01:00
parent 4f578b1164
commit 2903f70e9f
5 changed files with 27 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 .DS_Store
 Chart.lock
-*/charts/
+**/charts/
 .terraform
 .terraform.lock.hcl
--- a/crowdsec/templates/vaultauth.yaml
+++ b/crowdsec/templates/vaultauth.yaml
@@ -4,6 +4,7 @@ metadata:
  name: crowdsec
  namespace: {{ .Release.Namespace }}
 spec:
+  vaultConnectionRef: default
  method: kubernetes
  mount: kubernetes
  kubernetes:
--- a/crowdsec/values.yaml
+++ b/crowdsec/values.yaml
@@ -20,8 +20,12 @@ crowdsec: &crowdsec_config
    env:
      - name: COLLECTIONS
        value: "crowdsecurity/traefik crowdsecurity/http-cve"
+      - name: TZ
+        value: Europe/Paris
  lapi:
    env:
+      - name: TZ
+        value: Europe/Paris
      # To enroll the Security Engine to the console
      - name: ENROLL_KEY
        value: "cmieq72i3000802jr1wx8kply"
@@ -49,6 +53,8 @@ crowdsec: &crowdsec_config
        path: /
        source: appsec
    env:
+      - name: TZ
+        value: Europe/Paris
      - name: COLLECTIONS
        value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules"
    resources:
--- a/grafana/values.yaml
+++ b/grafana/values.yaml
@@ -409,7 +409,8 @@ grafana: &grafana_config
  ## 6. uncomment the annotation section in the serviceAccount: above
  ## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn

-  env: {}
+  env:
+    TZ: Europe/Paris

  ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
  ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
--- a/hashicorp-vault/iac/modules/README.md
+++ b/hashicorp-vault/iac/modules/README.md
@@ -116,6 +116,22 @@ L’objectif est d’éviter de stocker des credentials statiques, en déléguan

 ## 🛠️ Ressources déployées

+### `VaultConnection`
+
+```yaml
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultConnection
+metadata:
+  finalizers:
+  - vaultconnection.secrets.hashicorp.com/finalizer
+  labels:
+  name: default
+  namespace: {{ .Release.Namespace }}
+spec:
+  address: http://hashicorp-vault.tools.svc.cluster.local:8200
+  skipTLSVerify: false
+```
+
 ### `VaultAuth`

 ```yaml
@@ -125,6 +141,7 @@ metadata:
  name: auth
  namespace: {{ .Release.Namespace }}
 spec:
+  vaultConnectionRef: default
  method: kubernetes
  mount: kubernetes
  kubernetes: