-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathvalues.yaml
66 lines (59 loc) · 1.74 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
ingress-nginx:
controller:
replicaCount: 1
service:
# Forces MetalLB to set this IP
type: LoadBalancer
loadBalancerIP: "192.168.1.240"
allowSnippetAnnotations: "true"
config:
proxy-body-size: "512k"
proxy-buffer-size: "512k"
global-allowed-response-headers: "Request-Id"
plugins: "crowdsec"
lua-shared-dicts: "crowdsec_cache: 50m"
use-proxy-protocol: "false"
use-forwarded-headers: "true"
enable-real-ip: "true"
metrics:
enabled: true
serviceMonitor:
enabled: true
extraEnvs:
- name: OC_AGENT_HOST
value: collector.linkerd-jaeger:55678
# Deploy on more powerful node homelab2
nodeSelector:
kubernetes.io/hostname: homelab2
extraInitContainers:
- name: init-clone-crowdsec-bouncer
image: crowdsecurity/lua-bouncer-plugin
imagePullPolicy: IfNotPresent
env:
- name: API_URL
value: "http://crowdsec-service.crowdsec.svc.cluster.local:8080"
- name: BOUNCER_CONFIG
value: "/crowdsec/crowdsec-bouncer.conf"
envFrom:
- secretRef:
name: crowdsec-credentials
command:
[
"sh",
"-c",
"sh /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/",
]
volumeMounts:
- name: crowdsec-bouncer-plugin
mountPath: /lua_plugins
extraVolumeMounts:
- name: crowdsec-bouncer-plugin
mountPath: /etc/nginx/lua/plugins/crowdsec
subPath: crowdsec
extraVolumes:
- name: crowdsec-bouncer-plugin
emptyDir: {}
ingress:
options:
allow-snippet-annotations: "true"
tcp: {}