# CrowdSec agent DaemonSet: one agent pod per schedulable node. The agent mounts
# host log directories and is pointed at the CrowdSec local API (LAPI) through
# LOCAL_API_URL.
# NOTE(review): nesting was restored from a flattened listing; verify it against
# the deployed object before applying.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  # annotations:
  #   meta.helm.sh/release-name: crowdsec
  #   meta.helm.sh/release-namespace: crowdsec
  labels:
    # app.kubernetes.io/managed-by: Helm
    k8s-app: crowdsec
    type: agent
    version: v1
  name: crowdsec-agent
spec:
  revisionHistoryLimit: 10
  # The selector must match the pod template labels below (k8s-app + type).
  selector:
    matchLabels:
      k8s-app: crowdsec
      type: agent
  template:
    metadata:
      labels:
        k8s-app: crowdsec
        type: agent
        version: v1
    spec:
      containers:
        # Startup wrapper: moves the image's staged config into the persisted
        # /etc/crowdsec_data volume without overwriting existing files (mv -n),
        # removes the staging copy, symlinks /etc/crowdsec to the volume, then
        # runs docker_start.sh.
        - command:
            - sh
            - -c
            - mv -n /staging/etc/crowdsec/* /etc/crowdsec_data/ && rm -rf /staging/etc/crowdsec
              && ln -s /etc/crowdsec_data /etc/crowdsec && ./docker_start.sh
          env:
            # Agent credentials come from the agent-credentials Secret rather
            # than being written into this manifest.
            - name: AGENT_USERNAME
              valueFrom:
                secretKeyRef:
                  key: username
                  name: agent-credentials
            - name: AGENT_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: agent-credentials
            # NOTE(review): plain HTTP. The agent credentials above are
            # presumably sent to this endpoint, so confirm that in-cluster
            # traffic to the LAPI is protected (TLS or a NetworkPolicy).
            - name: LOCAL_API_URL
              value: http://crowdsec-service.crowdsec:8080
            # Env values must be strings, hence the quoted "true".
            - name: DISABLE_LOCAL_API
              value: "true"
            - name: DISABLE_ONLINE_API
              value: "true"
            - name: COLLECTIONS
              value: crowdsecurity/traefik
            # Space-separated list of scenarios.
            - name: SCENARIOS
              value: crowdsecurity/linux-lpe crowdsecurity/http-crawl-non_statics
          # NOTE(review): "latest" is a mutable tag, and with IfNotPresent each
          # node keeps whatever build it pulled first, so nodes can run
          # different agent versions. Pin a version tag or an image digest.
          image: crowdsecurity/crowdsec:latest
          imagePullPolicy: IfNotPresent
          name: crowdsec-agent
          ports:
            - containerPort: 6060
              name: metrics
              protocol: TCP
          # Memory request equals the limit; no CPU limit is set.
          resources:
            limits:
              memory: 100Mi
            requests:
              cpu: 150m
              memory: 100Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # Persisted agent config, backed by the hostPath volume
            # crowdsec-agent-config.
            - mountPath: /etc/crowdsec_data
              name: crowdsec-agent-config
            # Single file from the acquis-configmap ConfigMap, mounted over the
            # persisted config directory via subPath.
            - mountPath: /etc/crowdsec_data/acquis.yaml
              name: acquis-config-volume
              subPath: acquis.yaml
            # NOTE(review): the host's /var/log is mounted read-write, unlike
            # the docker containers mount below. If the agent only reads host
            # logs, add readOnly: true here. Confirm the agent does not write
            # its own log files under /var/log first.
            - mountPath: /var/log
              name: varlog
            - mountPath: /var/lib/docker/containers
              name: varlibdockercontainers
              readOnly: true
      dnsPolicy: ClusterFirst
      initContainers:
        # Blocks pod startup until nc can connect to the LAPI service on port
        # 8080, retrying every 5 seconds.
        # NOTE(review): busybox:1.28 is an old tag and this container sets no
        # resources; consider a current, pinned image.
        - command:
            - sh
            - -c
            - until nc crowdsec-service.crowdsec 8080; do echo waiting for lapi to start;
              sleep 5; done
          image: busybox:1.28
          imagePullPolicy: IfNotPresent
          name: wait-for-lapi
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      restartPolicy: Always
      schedulerName: default-scheduler
      # NOTE(review): empty pod securityContext and no container-level one, so
      # both containers run with the image's default user and capabilities
      # while host paths are mounted. Consider allowPrivilegeEscalation: false
      # and dropping unneeded capabilities. Whether the agent can run as
      # non-root depends on host log file permissions; verify.
      securityContext: {}
      terminationGracePeriodSeconds: 30
      # Tolerates the master NoSchedule taint so the agent is also scheduled on
      # control-plane nodes.
      # NOTE(review): newer clusters taint those nodes with
      # node-role.kubernetes.io/control-plane instead; check which taint your
      # nodes carry, or they will have no agent.
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
      volumes:
        - configMap:
            # 420 decimal is 0644 octal.
            defaultMode: 420
            name: acquis-configmap
          name: acquis-config-volume
        # An empty hostPath type means no check is made on the path before it
        # is mounted.
        - hostPath:
            path: /var/log
            type: ""
          name: varlog
        # NOTE(review): agent config is persisted on the node's filesystem and
        # the directory is created if missing. Anything that can write to this
        # path on the node can alter the agent's configuration; restrict its
        # ownership and permissions on the host.
        - name: crowdsec-agent-config
          hostPath:
            path: /mnt/local/crowdsec-agent
            type: "DirectoryOrCreate"
        - hostPath:
            path: /var/lib/docker/containers
            type: ""
          name: varlibdockercontainers
  # Roll out one node at a time, with no surge pods.
  updateStrategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate