Davide Piu
d19ede0559
- Add Traefik plugin via HelmChartConfig (crowdsec-bouncer-traefik-plugin) - Create bouncer Middleware in stream mode - Apply bouncer to all public ingresses - IPs flagged by CrowdSec will now be blocked at Traefik level
68 lines
1.3 KiB
YAML
68 lines
1.3 KiB
YAML
---
|
|
apiVersion: source.toolkit.fluxcd.io/v1
|
|
kind: HelmRepository
|
|
metadata:
|
|
name: podinfo
|
|
namespace: flux-system
|
|
spec:
|
|
interval: 1h
|
|
type: oci
|
|
url: oci://ghcr.io/stefanprodan/charts
|
|
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: podinfo
|
|
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: podinfo
|
|
namespace: flux-system
|
|
spec:
|
|
interval: 1h
|
|
targetNamespace: podinfo
|
|
install:
|
|
createNamespace: true
|
|
chart:
|
|
spec:
|
|
chart: podinfo
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: podinfo
|
|
interval: 1h
|
|
values:
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 16Mi
|
|
limits:
|
|
cpu: 100m
|
|
memory: 64Mi
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: podinfo
|
|
namespace: podinfo
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
traefik.ingress.kubernetes.io/router.middlewares: default-crowdsec-bouncer@kubernetescrd,default-redirect-https@kubernetescrd
|
|
spec:
|
|
ingressClassName: traefik
|
|
rules:
|
|
- host: app.davidepiu.xyz
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: podinfo-podinfo
|
|
port:
|
|
number: 9898
|
|
tls:
|
|
- hosts:
|
|
- app.davidepiu.xyz
|
|
secretName: podinfo-tls
|