ansible_role_k8s_crowdsec/tasks/main.yml


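---
# CrowdSec on Kubernetes: Helm chart install, then one-time registration of the
# Traefik bouncer against the LAPI.
# Chart: https://github.com/crowdsecurity/helm-charts/tree/main/charts/crowdsec
#
# Variables expected from the role defaults / inventory (not defined here):
#   my_context             - kubeconfig context to operate on
#   crowdsec_namespace     - namespace the chart is released into
#   crowdsec_chart_version - chart version to pin
- name: CrowdSec setup
  block:
    - name: Define CrowdSec Helm repository
      kubernetes.core.helm_repository:
        name: crowdsec
        repo_url: "https://crowdsecurity.github.io/helm-charts"

    - name: Deploy CrowdSec chart (version pinned by crowdsec_chart_version)
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: crowdsec
        release_namespace: "{{ crowdsec_namespace }}"
        create_namespace: true
        chart_ref: crowdsec/crowdsec
        chart_version: "{{ crowdsec_chart_version }}"
        # Values are templated first so inventory variables can drive the chart.
        values: "{{ lookup('template', 'helm-values.yaml.j2') | from_yaml }}"

    # Manual agent manifests, superseded by the Helm chart; kept for reference.
    # - name: crowdsec agent install
    #   kubernetes.core.k8s:
    #     state: present
    #     context: "{{ my_context }}"
    #     namespace: "{{ crowdsec_namespace }}"
    #     resource_definition: "{{ lookup('template', item) | from_yaml }}"
    #   with_items:
    #     - crowdsec-agent-Service.yml.j2
    #     - crowdsec-agent-DaemonSet.yml.j2
    #     - crowdsec-agent-serviceMonitor.yml.j2
    # - name: Wait until pod crowdsec-lapi is ready
    #   kubernetes.core.k8s_info:
    #     kind: Pod
    #     wait: true
    #     label_selectors:
    #       - "k8s-app: crowdsec"
    #       - "type: lapi"
    #     namespace: "{{ crowdsec_namespace }}"
    #     context: "{{ my_context }}"
    #     wait_sleep: 5
    #     wait_timeout: 360

    # The probe below exits non-zero when the bouncer is absent (grep -q finds no
    # match) and the rescue branch then registers it. Note that any other failure
    # of the probe (unreachable cluster, LAPI pod not ready) also lands in rescue.
    - name: Configure traefik bouncer access
      block:
        # Manual equivalent:
        # kubectl --context bach -n crowdsec exec deploy/crowdsec-lapi -c crowdsec-lapi -- cscli bouncers list -o raw | grep '^traefik,'
        - name: Test if traefik bouncer already exists
          # A shell is needed for the pipe into grep; the interpolated variables
          # are passed through `quote` so a value containing shell metacharacters
          # cannot alter the command line.
          ansible.builtin.shell: >-
            kubectl --context {{ my_context | quote }} -n {{ crowdsec_namespace | quote }}
            exec deploy/crowdsec-lapi -c crowdsec-lapi -- cscli bouncers list -o raw
            | grep -q '^traefik,'
          delegate_to: localhost
          # Read-only probe: never report it as a change.
          changed_when: false
          # Still run in --check so the rescue path is exercised there too.
          check_mode: false
      rescue:
        # Manual equivalent:
        # kubectl --context bach -n crowdsec exec deploy/crowdsec-lapi -c crowdsec-lapi -- cscli bouncers add traefik -o raw
        - name: Register traefik bouncer and capture its API key
          ansible.builtin.command: >-
            kubectl --context {{ my_context }} -n {{ crowdsec_namespace }}
            exec deploy/crowdsec-lapi -c crowdsec-lapi -- cscli bouncers add traefik -o raw
          delegate_to: localhost
          register: traefik_bouncer_token
          # stdout is the bouncer API key: keep the task result out of the play
          # log. The key is still available via the registered variable.
          no_log: true

        - name: Show next command
          # The key is deliberately printed once so the operator can store it in
          # Vault; this message will appear in any captured play output.
          ansible.builtin.debug:
            msg: vault write exploit/clusters/{{ my_context }}/crowdsec_traefik_bouncer api_key={{ traefik_bouncer_token.stdout }}
        # Follow-up, run by hand after the key is stored:
        # kubectl --context chopin -n crowdsec rollout restart deploy/crowdsec-lapi
  tags:
    - crowdsec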