ansible_role_k8s_crowdsec/templates/helm-values.yaml.j2
2022-10-16 11:47:54 +02:00


# Container runtime used by the cluster nodes.
# NOTE(review): presumably this selects the raw log format the agent expects
# (CRI for containerd, matching the cri-logs parser set under agent.env);
# confirm against the chart's own values.yaml.
container_runtime: containerd
# Optional credentials block, left disabled. If it is ever enabled, take the
# values from an encrypted variable source (e.g. Ansible Vault) instead of
# writing literals into this template.
# secrets:
#   username: ""
#   password: ""
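# Local API (LAPI): ingress, enrollment, dashboard, storage and metrics.
lapi:
  ingress:
    enabled: true
    annotations:
      # Traefik expects a comma-separated list of entry point names. This
      # value was "htt;https", which does not match the http and https entry
      # points used by the dashboard ingress below.
      # NOTE(review): agents and bouncers authenticate against this host, so
      # confirm that the http entry point redirects to https.
      traefik.ingress.kubernetes.io/router.entrypoints: http,https
      # NOTE(review): internal@file is defined in Traefik's file provider, not
      # in this template; confirm it limits access to trusted networks.
      traefik.ingress.kubernetes.io/router.middlewares: internal@file
    # labels: {}
    ingressClassName: "traefik"
    host: "crowdsec-api.{{ ingress_domain }}"
    # tls: {}
  env:
    # Left commented out, so the Online API stays enabled. Uncomment to stop
    # sharing signals with CrowdSec (e.g. on a test cluster).
    # - name: DISABLE_ONLINE_API
    #   value: "true"
    # The LAPI pod does not run an agent; the agent section covers that.
    - name: DISABLE_AGENT
      value: "true"
    # Enrollment is optional and only rendered when the key variable is set.
    # The key is a secret that ends up as a plain env value in the rendered
    # values file and the pod spec: keep the variable encrypted (e.g. Ansible
    # Vault) and keep the rendered file out of logs and version control.
    # The Jinja block tags stay at column 0 so that no stray indentation is
    # carried onto the following list item when the template is rendered.
{% if crowdsec_enrollment_key is defined %}
    - name: ENROLL_KEY
      value: "{{ crowdsec_enrollment_key }}"
    - name: ENROLL_INSTANCE_NAME
      value: "{{ ansible_hostname }}"
    - name: ENROLL_TAGS
      value: "k8s {{ ansible_hostname }}"
{% endif %}
  dashboard:
    # -- Enable Metabase Dashboard (by default disabled)
    # NOTE(review): confirm the dashboard's initial login has been changed
    # before this ingress is reachable by anyone else.
    enabled: true
    # -- Enable ingress object
    ingress:
      enabled: true
      annotations:
        # # metabase only supports http so we need this annotation
        # nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
        traefik.ingress.kubernetes.io/router.entrypoints: http,https
        traefik.ingress.kubernetes.io/router.middlewares: internal@file
      # labels: {}
      ingressClassName: "traefik"
      host: "crowdsec.{{ ingress_domain }}"
      # tls: {}
  persistentVolume:
    # -- Persistent volume for data folder. Stores e.g. registered bouncer api keys
    data:
      enabled: true
      accessModes:
        - ReadWriteOnce
      storageClassName: "longhorn"
      size: 1Gi
    # -- Persistent volume for config folder. Stores e.g. online api credentials
    config:
      enabled: true
      accessModes:
        - ReadWriteOnce
      storageClassName: "longhorn"
      size: 100Mi
  # Expose metrics and create a ServiceMonitor for them (the ServiceMonitor
  # kind comes from the Prometheus Operator CRDs).
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true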
# Log-processing agent: which pod logs it reads and how it parses them.
agent:
  # Pods whose logs should be processed (pods present on the node).
  acquisition:
    # Namespace the pod runs in
    - namespace: "{{ traefik_namespace }}"
      # Pod name pattern
      podName: 'traefik-*'
      # Program name, as in the CrowdSec configuration, so that the matching
      # parser picks up and parses these logs
      program: 'traefik'
  persistentVolume:
    # -- Persistent volume for config folder. Stores local config (parsers, scenarios etc.)
    # Disabled here, so the settings below only apply once it is enabled.
    config:
      enabled: false
      accessModes: [ReadWriteOnce]
      storageClassName: 'local-path'
      size: '100Mi'
  # Environment variables passed to the agent container
  env:
    # Left commented out, so the Online API stays enabled. Uncomment to stop
    # sharing signals with CrowdSec (e.g. on a test cluster).
    # - name: DISABLE_ONLINE_API
    #   value: "true"
    - name: PARSERS
      value: 'crowdsecurity/cri-logs'
    # The acquisition above reads Traefik pods, so install the Traefik collection
    - name: COLLECTIONS
      value: 'crowdsecurity/traefik'
    - name: SCENARIOS
      value: 'crowdsecurity/linux-lpe crowdsecurity/http-crawl-non_statics'
  # Expose agent metrics and create a ServiceMonitor for them
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true