87 lines
1.7 KiB
YAML
87 lines
1.7 KiB
YAML
---
|
|
apiVersion: source.toolkit.fluxcd.io/v1
|
|
kind: HelmRepository
|
|
metadata:
|
|
name: crowdsec
|
|
namespace: flux-system
|
|
spec:
|
|
interval: 1h
|
|
url: https://crowdsecurity.github.io/helm-charts
|
|
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: crowdsec
|
|
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: crowdsec
|
|
namespace: flux-system
|
|
spec:
|
|
interval: 1h
|
|
targetNamespace: crowdsec
|
|
install:
|
|
createNamespace: true
|
|
chart:
|
|
spec:
|
|
chart: crowdsec
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: crowdsec
|
|
interval: 1h
|
|
values:
|
|
container_runtime: containerd
|
|
lapi:
|
|
enabled: true
|
|
replicas: 1
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 256Mi
|
|
persistentVolume:
|
|
data:
|
|
enabled: true
|
|
size: 1Gi
|
|
config:
|
|
enabled: true
|
|
size: 100Mi
|
|
agent:
|
|
enabled: true
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 256Mi
|
|
acquisition:
|
|
- namespace: kube-system
|
|
podName: traefik-*
|
|
program: traefik
|
|
env:
|
|
- name: COLLECTIONS
|
|
value: "crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/linux"
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: allow-ingress-from-traefik
|
|
namespace: crowdsec
|
|
spec:
|
|
podSelector: {}
|
|
policyTypes:
|
|
- Ingress
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: kube-system
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: crowdsec
|