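---
# Flux source for the CrowdSec Helm charts, re-indexed every hour.
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: crowdsec
  namespace: flux-system
spec:
  interval: 1h
  url: https://crowdsecurity.github.io/helm-charts
---
# Namespace that receives the release and the NetworkPolicy below.
apiVersion: v1
kind: Namespace
metadata:
  name: crowdsec
---
# CrowdSec release: one LAPI replica with persistent data/config volumes,
# plus agents that parse Traefik pod logs from kube-system.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: crowdsec
  namespace: flux-system
spec:
  interval: 1h
  targetNamespace: crowdsec
  install:
    # The Namespace is also declared explicitly in this file; this flag
    # only matters if the release is reconciled before that object exists.
    createNamespace: true
  chart:
    spec:
      chart: crowdsec
      # NOTE(review): no `version` is set, so Flux follows the newest chart
      # published at the repository URL on each reconcile. Pin an exact,
      # reviewed chart version here so upgrades go through change control.
      sourceRef:
        kind: HelmRepository
        name: crowdsec
      interval: 1h
  values:
    container_runtime: containerd
    lapi:
      enabled: true
      replicas: 1
      resources:
        requests:
          cpu: 50m
          memory: 128Mi
        limits:
          cpu: 500m
          memory: 256Mi
      persistentVolume:
        data:
          enabled: true
          size: 1Gi
        config:
          enabled: true
          size: 100Mi
    agent:
      enabled: true
      resources:
        requests:
          cpu: 50m
          memory: 64Mi
        limits:
          cpu: 500m
          memory: 256Mi
      # Log sources: pods named traefik-* in kube-system, parsed as traefik.
      acquisition:
        - namespace: kube-system
          podName: traefik-*
          program: traefik
      env:
        # Space-separated hub collections passed to the agent.
        - name: COLLECTIONS
          value: "crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/linux"
---
# Ingress policy for every pod in the crowdsec namespace (podSelector: {}).
# Traffic from any other namespace is dropped once this policy selects
# the pods. Only Ingress is listed in policyTypes, so egress from these
# pods is not restricted by this object.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-from-traefik
  namespace: crowdsec
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    # NOTE(review): despite the policy name, this rule admits every pod in
    # kube-system on every port; there is no `podSelector` next to the
    # namespaceSelector and no `ports` list. Narrow it to the Traefik pods
    # and the LAPI port once their labels and port are confirmed.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
    # Intra-namespace traffic (presumably agent -> LAPI), also on all ports.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: crowdsec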