From 760b310624402b9f067bb42d34ff30ff0f7f9b9e Mon Sep 17 00:00:00 2001
From: Joseph Hanson <joe@veri.dev>
Date: Fri, 1 Dec 2023 10:42:56 -0600
Subject: [PATCH] Update affinity/remove crowdsec

---
 .../ingress-nginx/app/helmrelease.yaml        | 35 ++-----------------
 1 file changed, 2 insertions(+), 33 deletions(-)

diff --git a/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml b/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml
index da2ca64..c3e25d0 100644
--- a/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml
+++ b/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml
@@ -63,10 +63,6 @@ spec:
         proxy-buffer-size: "16k"
         ssl-protocols: "TLSv1.3 TLSv1.2"
         use-forwarded-headers: "true"
-        plugins: "crowdsec"
-        lua-shared-dicts: "crowdsec_cache: 50m"
-        server-snippet: |
-          resolver local=on ipv6=off;
 
       extraArgs:
         default-ssl-certificate: "network/hsn-dev-tls"
@@ -77,7 +73,7 @@ spec:
           whenUnsatisfiable: DoNotSchedule
           labelSelector:
             matchLabels:
-              app.kubernetes.io/instance: ingress-nginx
+              app.kubernetes.io/instance: ingress-nginx-hsn
               app.kubernetes.io/component: controller
       affinity:
         podAntiAffinity:
@@ -91,40 +87,13 @@ spec:
                   - key: app.kubernetes.io/instance
                     operator: In
                     values:
-                      - ingress-nginx
+                      - ingress-nginx-hsn
               topologyKey: kubernetes.io/hostname
 
       resources:
         requests:
           cpu: 23m
           memory: 381M
-      extraVolumes:
-        - name: crowdsec-bouncer-plugin
-          emptyDir: {}
-      extraInitContainers:
-        - name: init-clone-crowdsec-bouncer
-          image: crowdsecurity/lua-bouncer-plugin
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: API_URL
-              value: "http://crowdsec-service.security.svc.cluster.local:8080" # crowdsec lapi service-name
-            - name: API_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: nginx-ingress-secrets
-                  key: nginx-ingress-bouncer-apikey
-            - name: BOUNCER_CONFIG
-              value: "/crowdsec/crowdsec-bouncer.conf"
-            - name: BAN_TEMPLATE_PATH
-              value: /etc/nginx/lua/plugins/crowdsec/templates/ban.html
-          command: ['sh', '-c', "sh /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"]
-          volumeMounts:
-            - name: crowdsec-bouncer-plugin
-              mountPath: /lua_plugins
-      extraVolumeMounts:
-        - name: crowdsec-bouncer-plugin
-          mountPath: /etc/nginx/lua/plugins/crowdsec
-          subPath: crowdsec
 
     defaultBackend:
       enabled: false