feat: enable CrowdSec Traefik bouncer on all ingresses

- Add Traefik plugin via HelmChartConfig (crowdsec-bouncer-traefik-plugin) - Create bouncer Middleware in stream mode - Apply bouncer to all public ingresses - IPs flagged by CrowdSec will now be blocked at Traefik level
2026-02-19 23:53:00 +00:00
parent d628dd2c67
commit d19ede0559
6 changed files with 34 additions and 5 deletions
--- a/clusters/lab/security/authelia.yaml
+++ b/clusters/lab/security/authelia.yaml
@@ -53,7 +53,7 @@ spec:
      className: traefik
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
-        traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+        traefik.ingress.kubernetes.io/router.middlewares: default-crowdsec-bouncer@kubernetescrd,default-redirect-https@kubernetescrd
      tls:
        enabled: true
        secret: authelia-tls