tools/crowdsec/values.yaml
arcodange 2367bd6cd7
fix(crowdsec): use Recreate strategy for lapi to avoid RWO volume multi-attach
RollingUpdate with maxSurge>0 creates a new pod before terminating the old one,
causing a Multi-Attach error on the RWO PVCs (crowdsec-db-pvc, crowdsec-config-pvc).
Recreate terminates the old pod first, then starts the new one.
2026-04-16 10:25:10 +02:00


# Values for the CrowdSec chart: log-processing agent, local API (lapi) and
# AppSec component. The &crowdsec_config anchor is aliased by tool.values at
# the bottom of this file.
crowdsec: &crowdsec_config
  # for raw logs format: json or cri (docker|containerd)
  # NOTE(review): ENROLL_TAGS below mentions k3s, which normally runs
  # containerd. If the nodes do not run Docker, this should presumably be
  # `containerd`; a wrong log format can leave the Traefik logs unparsed and
  # detections silently missing. Confirm against the node runtime.
  container_runtime: docker
  agent:
    # Schedule agents only on nodes carrying the control-plane role label.
    # NOTE(review): assumes the Traefik pods named under `acquisition` run on
    # those nodes; pods on other nodes would not be covered. Confirm.
    affinity:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
                - key: node-role.kubernetes.io/control-plane
                  operator: Exists
    # Specify each pod whose logs you want to process
    acquisition:
      # The namespace where the pod is located
      - namespace: kube-system
        # The pod name
        podName: traefik-*
        # as in crowdsec configuration, we need to specify the program name to find a matching parser
        program: traefik
    env:
      # Space-separated list of hub collections for the agent.
      - name: COLLECTIONS
        value: "crowdsecurity/traefik crowdsecurity/http-cve"
      - name: TZ
        value: Europe/Paris
  lapi:
    # Recreate stops the old pod before starting the new one, so the RWO PVCs
    # are never attached to two pods at once (see the commit message). The
    # trade-off is that the local API is unavailable during each rollout.
    strategy:
      type: Recreate
    env:
      - name: TZ
        value: Europe/Paris
      # To enroll the Security Engine to the console
      # NOTE(review): the enrollment key is stored in plain text in a
      # versioned file, while the DB credentials below are read from a
      # Secret. Consider sourcing ENROLL_KEY through valueFrom.secretKeyRef
      # as well, and treat this value as exposed (re-issue it in the console)
      # if the repository is readable by anyone who should not enroll
      # instances.
      - name: ENROLL_KEY
        value: "cmieq72i3000802jr1wx8kply"
      - name: ENROLL_INSTANCE_NAME
        value: "homelab"
      - name: ENROLL_TAGS
        value: "k3s rpi test"
      # Database credentials come from the crowdsec-db-credentials Secret and
      # are substituted into config.yaml.local below as ${DB_USER} and
      # ${DB_PASSWORD}.
      - name: DB_USER
        valueFrom:
          secretKeyRef:
            name: crowdsec-db-credentials
            key: username
      - name: DB_PASSWORD
        valueFrom:
          secretKeyRef:
            name: crowdsec-db-credentials
            key: password
  appsec:
    enabled: true
    acquisitions:
      - appsec_config: crowdsecurity/appsec-default
        labels:
          type: appsec
        # Listens on every interface of the pod. Who can reach port 7422 is
        # decided by the Service and any NetworkPolicy, neither of which is
        # visible in this file.
        # NOTE(review): confirm only the Traefik bouncer can reach it.
        listen_addr: 0.0.0.0:7422
        path: /
        source: appsec
    env:
      - name: TZ
        value: Europe/Paris
      # Space-separated list of hub collections for the AppSec component.
      - name: COLLECTIONS
        value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules"
    resources:
      limits:
        cpu: "500m"
        memory: "300Mi"
      requests:
        cpu: "100m"
        memory: "200Mi"
  config:
    # Local override for the CrowdSec configuration. Review notes are kept
    # out of the literal block because its text is delivered verbatim.
    #
    # db_config: PostgreSQL reached through pgbouncer.tools:5432, with the
    # credentials taken from the environment variables set under lapi.env.
    # No sslmode is set here.
    # NOTE(review): confirm the default suits the path to pgbouncer.
    #
    # auto_registration: any client inside allowed_ranges that presents the
    # registration token can register as a machine. The list covers all of
    # 192.168.0.0/16 and 172.16.0.0/12 in addition to 10.42.0.0/16.
    # NOTE(review): narrow it to the cluster's actual pod CIDR; 192.168.0.0/16
    # may also cover the home LAN - verify.
    config.yaml.local: |
      db_config:
        type: postgresql
        user: ${DB_USER}
        password: ${DB_PASSWORD}
        db_name: crowdsec
        host: pgbouncer.tools
        port: 5432
      api:
        server:
          auto_registration: # Activate if not using TLS for authentication
            enabled: true
            token: "${REGISTRATION_TOKEN}" # /!\ do not change
            allowed_ranges: # /!\ adapt to the pod IP ranges used by your cluster
              - "127.0.0.1/32"
              - "192.168.0.0/16"
              - "10.42.0.0/16"
              - "172.16.0.0/12"
# Describes how the upstream chart is consumed by this repository's tooling.
tool:
  # kind: 'SubChart' or 'HelmChart', if subchart then uncomment Chart.yaml dependency, else comment and use tool library with helm chart template
  kind: 'SubChart'
  # Upstream chart repository, fetched over HTTPS.
  repo: https://crowdsecurity.github.io/helm-charts
  chart: crowdsec
  # The chart is pinned to an exact version; review the upstream changelog
  # before bumping it.
  version: 0.20.1
  # Alias of the &crowdsec_config anchor: the whole top-level `crowdsec`
  # mapping, including the env entries and config.yaml.local, is reused here.
  values: *crowdsec_config