Skip to content
Snippets Groups Projects
Verified Commit b0b368f6 authored by Sheogorath's avatar Sheogorath :european_castle:
Browse files

feat(crowdsec): Use ingress for lapi

parent 081530ef
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
apps/base/crowdsec/kustomization.yaml
+ 1
0
View file @ b0b368f6
......@@ -7,5 +7,6 @@ resources:
- release.yaml
- ../../../shared/networkpolicies/allow-from-same-namespace.yaml
- ../../../shared/networkpolicies/allow-from-monitoring.yaml
- ../../../shared/networkpolicies/allow-from-ingress.yaml
patchesStrategicMerge:
- networkpolicy.yaml
apps/base/crowdsec/networkpolicy.yaml
+ 11
1
View file @ b0b368f6
......@@ -6,4 +6,14 @@ metadata:
spec:
podSelector:
matchLabels:
k8s-app: crowdsec
\ No newline at end of file
k8s-app: crowdsec
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-ingress
spec:
podSelector:
matchLabels:
k8s-app: crowdsec
type: lapi
\ No newline at end of file
apps/k8s01/crowdsec/certificate.yaml 0 → 100644
+ 66
0
View file @ b0b368f6
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: crowdsec-tls
namespace: crowdsec
labels:
app.kubernetes.io/name: crowdsec
spec:
dnsNames:
- ENC[AES256_GCM,data:7ctacfZGie4pE2VfH5i3bh96LQnad/YQGr8=,iv:o0fkT8qIPyz2Pm6GM4ZIWvl5cxJXlVx7qlFaN4PpXlk=,tag:t5H5JsBObnmNDWUlc33Ncg==,type:str]
issuerRef:
name: letsencrypt
kind: ClusterIssuer
secretName: ingress-crowdsec-tls
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-09-28T21:26:28Z"
mac: ENC[AES256_GCM,data:goF9lVngzWTJpURm4cY4Me3kB8Ro7WHP0Llub5um/x09buXu2lBZlOYscYq0Sug5Nh4gPA7zfUzUo29advtA1mEijl38kDpIOjw5EIZZ4PFbCMqlEyYcBQF/lV+rF+MaGo/PHdLpdZkg+GO1p/hrLXLM5T7Y35pQ2OpEydqWBB8=,iv:nlP47dFysqk6kU6yeF4rImoBTHQL0W6IR6jvDpc+UhY=,tag:AiUj2SJuTcU5UinZBmlssg==,type:str]
pgp:
- created_at: "2022-01-21T18:13:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7kpg2bgzVHcARAAs0OQxzkgcgs/iXO3DXjnuyddgI5X/Gz5Gd3q0U6MrK18
gfZIWvh2gemiU0YepfnQwbHkFLWOO/hYLjppAd4/HS93Gg8Hqg7Kh9WLiQFqolAn
SSvm1KvlesTselWGu8/282UO5jDM7E0NuqsHPC9K/4im+jkWO9s2fAw+hQIvvVPw
CktPYqihMvTmLyTVX9dMkwgDzTdJ8JeaI26S5tyMkAg+B/ymxKWG4m7bRIG9+kOD
fnsUUfd+zobOLR3w251+AydJlCy3gs6hJYlW1wz8m6cOzKHe3SEnN9GLJSbSa95n
+WpY31VF+eXZ4Z8GXoy3QHTWzbcWJ10RKb5eTPixAJzL3opSTbKJGmUuQlq+/9Wg
876dUQGl26CHm8solPytStPJDoSjcNbClJN1Rfp2SopAucqDG5XPIzXh7gIzfwrR
qauiO2AnC85DkWwU9w3wODB9zY3PzcmbzxyLPzEqnSABIEVw8VJoM/pnIRv2gs17
2YN61VO/YgUuxXtvvAHMgk1XQPfH45bM/i9lwX8EHDHqBWQVtYIqyw0lnVPZl1Hz
VuN6/aH4AnVAqeMjS4ezLZ26cyF8S/wkuQPK8tOfOs2l4smD1jp67A1A9RQfF4Hz
QRHL7VEc3EElB7FobZSAccjptfghhFjtIEhrmiZJgIIFcYv8IGDCf59pmVXSUKPS
UQGgA6xeWVYOj7DKYrgO4xMUXtofOv4WVRFO7iejeRqF5YbWmaCIq0GNvpwwZvWe
jqtu9MjOqwG0X682yB6/Ss/HBV+vAYrMoRqunjrSlZ+oLw==
=pOY7
-----END PGP MESSAGE-----
fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
- created_at: "2022-01-21T18:13:48Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4oYbIHZIrAPARAAlM62U+idC9A4irm5RkSx5fZv+HGu7Jrm5GNPzv2tQ9WY
ponFAjh0/DDq2qWcpveRS3owFAwhoMbm1vYx9O29ycM5XzjxHF5CjytSssRU0FkX
UK5OdW+SURLREvIOZjYoEqjxFGj22ZAegkNIHYadTSGyesWM8Fj3Q6Su0EVyeyaI
FaE5Eo3Ya0tn7p+oMoAsJFJhtz9oFvPcaXCri+BTiIHCGZBQf9ndAvpr23zd2cO8
LBNwHOmJmtiHM3xndhVstBt9YnRqjqg3hZt65zB7LIP8zRPDtzsvTAdcLMkibhh5
GPn6JyOvlBPFrxR0ZmuGTURFODfjFrjn96igHDGbET1XKDVb99uQA7tJDRjZYUPM
3zfjj+aKi8R9k+/fU/jO827K8jHN9tPmrsJslUGDtV6sRxfWXUsfur8840TfnFBm
f8mqqOBA9ahJaN+0EyXvFHCfPglYs7zXKL4fYnO6PKB7fR+IDFUQzHxZGDTgLB6g
gtayT8FHE6EQ/1Lxsjw4kHfJYlabi5jSPAWtws/RXF8oZgByT6O1yYCtfJPzzlyT
A9b2X2EG4Lj6QFQNN7n/qOwa6timOrdZOfIDLMZt7JIDpHXhCmzo2WCm3wFS/L4R
6zuYDUg5rm3sxHzcw+9xn/PK8yedVCmCGNrnON9hn0TeqXmuY87KQu1Az+3wJqDU
ZgEJAhCnHsdsGhUmeXb4Lb8+hJfFB1DTL3qk6iPqxPsjfA1n3N/KYLd3KYWaM6fm
21yCsmkJZRWxgOwTPbF+KIQAq4yleW06ys6DFLz2wgLc3LlRjJFlPeajM6v6XicO
lDUgoEyZhw==
=y2A9
-----END PGP MESSAGE-----
fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$
version: 3.7.3
apps/k8s01/crowdsec/ingress.yaml 0 → 100644
+ 75
0
View file @ b0b368f6
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: crowdsec
namespace: crowdsec
labels:
app.kubernetes.io/name: crowdsec
spec:
rules:
- host: ENC[AES256_GCM,data:V4ci7BYq3Rx68SbH8cNec0Sb8HOviEZ9ba0=,iv:TEAzu114TgjQzZAioIVT6DzbZ17JNesdT2xuebf64xQ=,tag:XeZ31mVguuRCTQka+QB4Zg==,type:str]
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: crowdsec-service
port:
number: 8080
tls:
- hosts:
- ENC[AES256_GCM,data:Y/OIAe4NfZ9BYatNn6XO9HU3sIPfaRPc8J0=,iv:7r3WP7xi2bGM57zhQk0P09J02q6+QGBBGUWGmAWDt7I=,tag:uLD2TT0gY5TQkYDCbQizHA==,type:str]
secretName: ingress-crowdsec-tls
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-09-28T21:27:39Z"
mac: ENC[AES256_GCM,data:p+fFV8mvF1bFzXzkHRLX4mVr+8vytjdhjnMY4d6j8r3WziexMcKRuAgScxzyBPCyjHXdhDBFTFMC4czb1hEkbhYkYacjqYV2rAEnhzHiQtJhUQalTUDoqUeHwgWWZoN/JRI+eTN6pO2yO6csK9nPOcCUuzwGbD8Cx7pj0+H7RH0=,iv:mmLX6cXLoVn8Z2h3DHZIijqR2U4DsGDDvHpbGVIVz+4=,tag:EVetf8A/KAKUOdfRb2XlXg==,type:str]
pgp:
- created_at: "2022-09-13T20:16:18Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7kpg2bgzVHcAQ//QKUo6MGGO7kJyGfQ8WULaFNILDGmSNjPj6avjps8nbpa
BdNlszBms4ghflXW6xfBe2vqTvo+Bjd6XqngSoEOpYQNruKTodDpkRBj2KsT+nza
PfQocIiGaLmYsjdT7RtrCIzkm27IwL1MMtPrWPPfiiRHv5lw18y+l2c2kkO8TA4A
eETwEpbeVTo+iryTYSHMQKHeKk+s3Oh/MVGHHC3AlNn8hmvi2Wt/eSLye27a7J5T
lbJrNkIDX/1G9NR0bg2045MkljzYyY7ttP58j+WsOca3ct8NWy4Z4OQeldCmwIFr
BrKYCoFI6eZ6DHT9Rlqm246WN70hbRb7usCgX8dn8WT/Z8dXWzRryYtIVjkzrIVm
AZQ1XelkdXybGa/ORV5aj81AIXu7konepcJX64L6OxcQjFhQWAO7y1rwclOW8QOb
h2RlsE79wNobUsErXTvUmsW30l0GWYeh3IgR0HAMu2P8ttDvb8I4yu5H1/5uZnZY
jLBnH8ooC9uDnh2z5u6ru5JmHjlQ8BWUF/dptt57qUo/I+xBhiSCqYLFo2WOy1lx
hDlSzIE5Sn5TA3fxXyc9Hwv5/c3ELW6EuXqiy4MUcLREL07C4OLp0/1q/Tshj0FG
PReQZkVON4jFuDtfFVID8Rm20CBkVe2xahThK8jCGms15UpiU8hsv8VgAn7aIsPS
UQF1wuAsfdOVLBugwP0jsc57R60KmtLpig04S0WLJAlNEXGk+yGqAsluHGxJpnnm
LUM72fLPLolfVdF2aS9UjTSkSy34Rh5J/j08usEN8R7mWw==
=xL8K
-----END PGP MESSAGE-----
fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
- created_at: "2022-09-13T20:16:18Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4oYbIHZIrAPARAAi5C2YbFg1dJGa/C+tsp2xn3fhu5Qvl2ywWFz/lWyO6rW
si4H0ivAkiI85jd2xgxXq54EWY5pkH0a/Ynly5p9zJuZf+dXP5RkOa7EEbv7h/UV
ZRQRpJRJuMKIOUXHKvRR93lQYItSPTCkcRkt6mVEhvYQwOxJmmmjtOF1umbra3Zi
sFWez2yil9BCC9kGWM4n2kHHLhb0RJdlfj3tP7RTYC9ssGCdoUnh4CgksRv6QW2G
HbrO38UJf96gzrjh09HJS4gSnIbtHVDGZ5lVITFpU3WPirga4BGEgib6Ip2GNb4i
6hPmb3aWFwLeHf83CoDV8VbL03t5OLdeUWkAn9xNSZOPy8rZJgm/UXfuii1l39ui
gJk2VWVleK1rHGEV+sCsjGQjQvGL6QUgB+4dp6petsw5Jt1gxBbVZmvkuWjpkPw4
BkLHPf51Gs0SCogWaVf5XdQqX1bovTZotTbTpa6A0G4iwsPIqQkSB/C7ykod5I0s
lXBqXCk9sgAr+hxdRtMpzZJhWC82EoP+Z8IhVEl0GvRyFC+BjFJKMNiTNLRsqmxL
iGaZrCXym7qM++uGKaUWmhVPg3g+l2AUmAwgf6ISIGQolaIf7J+jIc9jw4HSYcIM
MAjvGOGD02ABGvNGwiyi84ibIhnVngmrxuBrQTfBSfhqhJa6XUtLvaTt0OJa2UnU
aAEJAhAjKsBPBcSGRBgbDk+peX46kE7gF1p0tIqKjD1mBaSW5+x5xcITUHQxTcuV
tievOikl8nF+zBDmG3TlRiKimMGz2DwlARwkIsXOaU9I/VVwot153VYG/tpEbqKs
8LzbNsLdj2Ld
=S0CC
-----END PGP MESSAGE-----
fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
version: 3.7.3
apps/k8s01/crowdsec/kustomization.yaml
+ 2
0
View file @ b0b368f6
......@@ -3,4 +3,6 @@ kind: Kustomization
namespace: crowdsec
resources:
- ../../base/crowdsec
- ingress.yaml
- certificate.yaml
- ../../../shared/resourcequotas/default.yaml
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment