adding crowdsec to kubernetes
This commit is contained in:
parent
521f040ad9
commit
50ca8e0ab8
3 changed files with 205 additions and 0 deletions
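--- a/Kubernetes/CrowdSec/CrowdSec/values.yaml
+++ b/Kubernetes/CrowdSec/CrowdSec/values.yaml
@@ -0,0 +1,127 @@
+container_runtime: containerd
+# Here you can specify your own custom configuration to be loaded in crowdsec agent or lapi
+# Each config needs to be a multi-line using '|' in YAML specs
+# for the agent those configs will be loaded : parsers, scenarios, postoverflows, simulation.yaml
+# for the lapi those configs will be loaded : profiles.yaml, notifications, console.yaml
+config:
+profiles.yaml: |
+name: default_ip_remediation
+#debug: true
+filters:
+- Alert.Remediation == true && Alert.GetScope() == "Ip"
+decisions:
+- type: ban
+duration: 4h
+#duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
+notifications:
+# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
+# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
+- http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
+# - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
+notifications:
+http.yaml: |
+type: http # Don't change
+name: http_default # Must match the registered plugin in the profile
+
+# One of "trace", "debug", "info", "warn", "error", "off"
+log_level: info
+
+# group_wait: # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
+# group_threshold: # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
+# max_retry: # Number of attempts to relay messages to plugins in case of error
+# timeout: # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
+
+#-------------------------
+# plugin-specific options
+
+# The following template receives a list of models.Alert objects
+# The output goes in the http request body
+format: |
+{{ range . -}}
+{{ $alert := . -}}
+{
+"extras": {
+"client::display": {
+"contentType": "text/markdown"
+}
+},
+"priority": 3,
+{{range .Decisions -}}
+"title": "{{.Type }} {{ .Value }} for {{.Duration}}",
+"message": "{{.Scenario}} \n\n[crowdsec cti](https://app.crowdsec.net/cti/{{.Value -}}) \n\n[shodan](https://shodan.io/host/{{.Value -}})"
+{{end -}}
+}
+{{ end -}}
+
+# The plugin will make requests to this url, eg: https://www.example.com/
+url: https://gotify.YOUR-DOMAIN.COM/message
+
+# Any of the http verbs: "POST", "GET", "PUT"...
+method: POST
+
+headers:
+X-Gotify-Key: YOUR-KEY
+Content-Type: application/json
+skip_tls_verification: true
+tls:
+enabled: true
+bouncer:
+reflector:
+namespaces: ["traefik"]
+agent:
+tolerations:
+- key: node-role.kubernetes.io/control-plane
+operator: Equal
+effect: NoSchedule
+# Specify each pod whose logs you want to process
+acquisition:
+# The namespace where the pod is located
+- namespace: traefik
+# The pod name
+podName: traefik-*
+# as in crowdsec configuration, we need to specify the program name to find a matching parser
+program: traefik
+env:
+- name: PARSERS
+value: "crowdsecurity/cri-logs crowdsecurity/whitelists"
+- name: COLLECTIONS
+value: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/home-assistant LePresidente/authelia Dominic-Wagner/vaultwarden crowdsecurity/unifi"
+# When testing, allow bans on private networks
+#- name: DISABLE_PARSERS
+# value: "crowdsecurity/whitelists"
+persistentVolume:
+config:
+enabled: false
+nodeSelector:
+worker: "true"
+image:
+pullPolicy: Always
+lapi:
+dashboard:
+enabled: false
+ingress:
+host: dashboard.local
+enabled: true
+persistentVolume:
+config:
+enabled: true
+resources:
+limits:
+memory: 200Mi
+requests:
+cpu: 250m
+memory: 200Mi
+env:
+# For an internal test, disable the Online API
+- name: DISABLE_ONLINE_API
+value: "false"
+- name: ENROLL_KEY
+value: "YOUR-CLOUD-API-KEY"
+- name: ENROLL_INSTANCE_NAME
+value: "CLUSTER-NAME"
+- name: ENROLL_TAGS
+value: "homelab"
+nodeSelector:
+worker: "true"
+image:
+pullPolicy: Always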
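Review bot: `skip_tls_verification: true` in the http notification plugin config (the block holding `url: https://gotify.YOUR-DOMAIN.COM/message`) skips certificate checking on the very request that carries the `X-Gotify-Key` header, so the key and the alert payload are sent to whatever host answers for that name. Change it to `skip_tls_verification: false`; if the Gotify endpoint uses a private CA, make that CA trusted instead of turning verification off. `X-Gotify-Key: YOUR-KEY` and `ENROLL_KEY` / `value: "YOUR-CLOUD-API-KEY"` are also secrets held inline in a values file that is committed, so the placeholders deserve a comment such as `# placeholder only - supply the real key from a Kubernetes Secret or --set at install time, never commit it`. Indentation is not visible in the rendered view, so the nesting of `notifications:` and `tls:` is inferred from key order.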
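--- a/Kubernetes/CrowdSec/Reflector/values.yaml
+++ b/Kubernetes/CrowdSec/Reflector/values.yaml
@@ -0,0 +1,2 @@
+nodeSelector:
+worker: "true"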
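--- a/Kubernetes/CrowdSec/Traefik/values.yaml
+++ b/Kubernetes/CrowdSec/Traefik/values.yaml
@@ -0,0 +1,76 @@
+globalArguments:
+- "--global.sendanonymoususage=false"
+- "--global.checknewversion=true"
+
+additionalArguments:
+- "--serversTransport.insecureSkipVerify=true"
+- "--log.level=INFO"
+- "--experimental.plugins.bouncer.moduleName=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+- "--experimental.plugins.bouncer.version=v1.1.16"
+- "--entrypoints.web.http.middlewares=traefik-bouncer@kubernetescrd"
+- "--entrypoints.websecure.http.middlewares=traefik-bouncer@kubernetescrd"
+- "--providers.kubernetescrd"
+
+deployment:
+enabled: true
+replicas: 2
+annotations: {}
+podAnnotations: {}
+additionalContainers: []
+initContainers: []
+
+nodeSelector:
+worker: "true"
+
+ports:
+web:
+redirectTo: websecure
+websecure:
+tls:
+enabled: true
+
+ingressRoute:
+dashboard:
+enabled: false
+
+providers:
+kubernetesCRD:
+enabled: true
+ingressClass: traefik-external
+allowExternalNameServices: true
+allowCrossNamespace: true
+kubernetesIngress:
+enabled: true
+allowExternalNameServices: true
+publishedService:
+enabled: false
+
+rbac:
+enabled: true
+
+service:
+enabled: true
+type: LoadBalancer
+annotations: {}
+labels: {}
+spec:
+loadBalancerIP: 192.168.3.65 # this should be an IP in the Kube-VIP LB range
+externalTrafficPolicy: Local # required to show the source IP - Cluster will not show internal IP and crowdsec will not work
+loadBalancerSourceRanges: []
+externalIPs: []
+
+logs:
+access:
+enabled: true
+
+experimental:
+plugins:
+enabled: true
+
+volumes:
+- name: crowdsec-bouncer-tls
+mountPath: /etc/traefik/crowdsec-certs/
+type: secret
+
+image:
+pullPolicy: Always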
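Review bot: `--serversTransport.insecureSkipVerify=true` in `additionalArguments` turns off backend certificate checking for every service Traefik proxies to, not just the ones that need it, so a wrong or replaced certificate anywhere behind this ingress goes unnoticed. Change the line to `- "--serversTransport.insecureSkipVerify=false"` and, for the individual services that present self-signed certificates, opt in with a dedicated ServersTransport resource (the `kubernetesCRD` provider is already enabled here). `allowCrossNamespace: true` together with `allowExternalNameServices: true` also lets routes in any namespace point this ingress at arbitrary external hosts; if that is not needed for the CrowdSec bouncer setup, leave both unset. The rendered view dropped indentation, so the nesting under `providers:` is inferred from key order.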