Adding crowdsec nginx bouncer plugin.
parent
36d46e07b6
commit
42aabe048f
1 changed files with 28 additions and 10 deletions
|
@ -17,16 +17,8 @@ spec:
|
||||||
values:
|
values:
|
||||||
controller:
|
controller:
|
||||||
replicaCount: 3
|
replicaCount: 3
|
||||||
|
|
||||||
# hostPort:
|
|
||||||
# enabled: true
|
|
||||||
# ports:
|
|
||||||
# http: 81
|
|
||||||
# https: 444
|
|
||||||
|
|
||||||
updateStrategy:
|
updateStrategy:
|
||||||
type: RollingUpdate
|
type: RollingUpdate
|
||||||
|
|
||||||
service:
|
service:
|
||||||
enabled: true
|
enabled: true
|
||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
|
@ -67,8 +59,10 @@ spec:
|
||||||
proxy-buffer-size: "16k"
|
proxy-buffer-size: "16k"
|
||||||
ssl-protocols: "TLSv1.3 TLSv1.2"
|
ssl-protocols: "TLSv1.3 TLSv1.2"
|
||||||
use-forwarded-headers: "true"
|
use-forwarded-headers: "true"
|
||||||
# plugins: "crowdsec"
|
plugins: "crowdsec"
|
||||||
# lua-shared-dicts: "crowdsec_cache: 50m"
|
lua-shared-dicts: "crowdsec_cache: 50m"
|
||||||
|
server-snippet: |
|
||||||
|
resolver local=on ipv6=off;
|
||||||
|
|
||||||
extraArgs:
|
extraArgs:
|
||||||
default-ssl-certificate: "network/valinor-social-tls"
|
default-ssl-certificate: "network/valinor-social-tls"
|
||||||
|
@ -100,6 +94,30 @@ spec:
|
||||||
requests:
|
requests:
|
||||||
cpu: 23m
|
cpu: 23m
|
||||||
memory: 381M
|
memory: 381M
|
||||||
|
extraVolumes:
|
||||||
|
- name: crowdsec-bouncer-plugin
|
||||||
|
emptyDir: {}
|
||||||
|
extraInitContainers:
|
||||||
|
- name: init-clone-crowdsec-bouncer
|
||||||
|
image: crowdsecurity/lua-bouncer-plugin
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
env:
|
||||||
|
- name: API_URL
|
||||||
|
value: "http://crowdsec-service.security.svc.cluster.local:8080" # crowdsec lapi service-name
|
||||||
|
- name: API_KEY
|
||||||
|
value: "<API KEY>" # generated with `cscli bouncers add -n <bouncer_name>
|
||||||
|
- name: BOUNCER_CONFIG
|
||||||
|
value: "/crowdsec/crowdsec-bouncer.conf"
|
||||||
|
- name: BAN_TEMPLATE_PATH
|
||||||
|
value: /etc/nginx/lua/plugins/crowdsec/templates/ban.html
|
||||||
|
command: ['sh', '-c', "sh /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"]
|
||||||
|
volumeMounts:
|
||||||
|
- name: crowdsec-bouncer-plugin
|
||||||
|
mountPath: /lua_plugins
|
||||||
|
extraVolumeMounts:
|
||||||
|
- name: crowdsec-bouncer-plugin
|
||||||
|
mountPath: /etc/nginx/lua/plugins/crowdsec
|
||||||
|
subPath: crowdsec
|
||||||
|
|
||||||
defaultBackend:
|
defaultBackend:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
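Review bot: The `API_KEY` entry under `extraInitContainers` takes the bouncer key as a literal `value:`, so once the `<API KEY>` placeholder is filled in, the LAPI credential sits in this manifest and its git history and is readable by anyone who can view the release values or the pod spec. Because the init container is an ordinary container spec, the key can be sourced from a Secret instead: `valueFrom: {secretKeyRef: {name: <bouncer-secret-name>, key: <key-name>}}`. Separately, `image: crowdsecurity/lua-bouncer-plugin` carries no tag, so it resolves to `latest`, and with `imagePullPolicy: IfNotPresent` different nodes can end up copying different plugin code into the ingress controller. Pinning a version or digest (`image: crowdsecurity/lua-bouncer-plugin:<version>@sha256:<digest>`) keeps the Lua loaded by nginx reproducible and reviewable.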