fixes
2
.gitignore
vendored
2
.gitignore
vendored
@@ -1,5 +1,5 @@
|
|||||||
.DS_Store
|
.DS_Store
|
||||||
Chart.lock
|
Chart.lock
|
||||||
*/charts/
|
**/charts/
|
||||||
.terraform
|
.terraform
|
||||||
.terraform.lock.hcl
|
.terraform.lock.hcl
|
||||||
@@ -4,6 +4,7 @@ metadata:
|
|||||||
name: crowdsec
|
name: crowdsec
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
spec:
|
spec:
|
||||||
|
vaultConnectionRef: default
|
||||||
method: kubernetes
|
method: kubernetes
|
||||||
mount: kubernetes
|
mount: kubernetes
|
||||||
kubernetes:
|
kubernetes:
|
||||||
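Review bot: `vaultConnectionRef: default` now pins this VaultAuth to the VaultConnection named `default`, which the README section added in this same commit documents with `address: http://hashicorp-vault.tools.svc.cluster.local:8200`. If the deployed resource matches that README, the service-account JWT sent at login and the Vault token and secrets returned travel over the cluster network unencrypted, and `skipTLSVerify: false` has no effect on an `http://` address. Consider an `https://` address with `caCertSecretRef` on the VaultConnection, plus a comment above the new line such as `# must reference a TLS-enabled VaultConnection in this namespace`. The `kubernetes:` block continues outside the hunk, and the file header for this template is not visible on the page.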
|
|||||||
@@ -20,8 +20,12 @@ crowdsec: &crowdsec_config
|
|||||||
env:
|
env:
|
||||||
- name: COLLECTIONS
|
- name: COLLECTIONS
|
||||||
value: "crowdsecurity/traefik crowdsecurity/http-cve"
|
value: "crowdsecurity/traefik crowdsecurity/http-cve"
|
||||||
|
- name: TZ
|
||||||
|
value: Europe/Paris
|
||||||
lapi:
|
lapi:
|
||||||
env:
|
env:
|
||||||
|
- name: TZ
|
||||||
|
value: Europe/Paris
|
||||||
# To enroll the Security Engine to the console
|
# To enroll the Security Engine to the console
|
||||||
- name: ENROLL_KEY
|
- name: ENROLL_KEY
|
||||||
value: "cmieq72i3000802jr1wx8kply"
|
value: "cmieq72i3000802jr1wx8kply"
|
||||||
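Review bot: The `ENROLL_KEY` entry directly below the new `TZ` variable still carries the console enrollment key as a literal `value:` in a values file tracked in git. The line is unchanged context, but this commit edits the same `lapi.env` list and also wires up Vault, so this is a natural place to stop storing that credential statically. Assuming the chart passes `env` entries through to the container unchanged, the entry can read the key from a Secret (for example one synced by the Vault operator), and the committed key should be rotated since it stays in history. The `lapi:` mapping continues outside the hunk.

```yaml
# … unchanged: TZ entry and the "To enroll the Security Engine" comment …
- name: ENROLL_KEY
  valueFrom:
    secretKeyRef:
      name: "<SECRET_NAME_PLACEHOLDER>"
      key: "<SECRET_KEY_PLACEHOLDER>"
```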
@@ -49,6 +53,8 @@ crowdsec: &crowdsec_config
|
|||||||
path: /
|
path: /
|
||||||
source: appsec
|
source: appsec
|
||||||
env:
|
env:
|
||||||
|
- name: TZ
|
||||||
|
value: Europe/Paris
|
||||||
- name: COLLECTIONS
|
- name: COLLECTIONS
|
||||||
value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules"
|
value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules"
|
||||||
resources:
|
resources:
|
||||||
|
|||||||
@@ -409,7 +409,8 @@ grafana: &grafana_config
|
|||||||
## 6. uncomment the annotation section in the serviceAccount: above
|
## 6. uncomment the annotation section in the serviceAccount: above
|
||||||
## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn
|
## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn
|
||||||
|
|
||||||
env: {}
|
env:
|
||||||
|
TZ: Europe/Paris
|
||||||
|
|
||||||
## "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
|
## "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
|
||||||
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
|
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
|
||||||
|
|||||||
@@ -116,6 +116,22 @@ L’objectif est d’éviter de stocker des credentials statiques, en déléguan
|
|||||||
|
|
||||||
## 🛠️ Ressources déployées
|
## 🛠️ Ressources déployées
|
||||||
|
|
||||||
|
### `VaultConnection`
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultConnection
|
||||||
|
metadata:
|
||||||
|
finalizers:
|
||||||
|
- vaultconnection.secrets.hashicorp.com/finalizer
|
||||||
|
labels:
|
||||||
|
name: default
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
spec:
|
||||||
|
address: http://hashicorp-vault.tools.svc.cluster.local:8200
|
||||||
|
skipTLSVerify: false
|
||||||
|
```
|
||||||
|
|
||||||
### `VaultAuth`
|
### `VaultAuth`
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
@@ -125,6 +141,7 @@ metadata:
|
|||||||
name: auth
|
name: auth
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
spec:
|
spec:
|
||||||
|
vaultConnectionRef: default
|
||||||
method: kubernetes
|
method: kubernetes
|
||||||
mount: kubernetes
|
mount: kubernetes
|
||||||
kubernetes:
|
kubernetes:
|
||||||
|
|||||||