traefik/crowdsec: remove dead Yaegi-plugin middleware reference (PR1/2)

The Traefik CrowdSec (Yaegi) bouncer plugin enforces nothing on Traefik 3.7.5
(handler never invoked) and is fully superseded by the cs-firewall-bouncer
(in-kernel nftables drop on direct hosts) + the Cloudflare IP-List/WAF rule
(proxied hosts). Drop the `traefik-crowdsec@kubernetescrd` middleware from the
ingress_factory chain and the 8 explicit `exclude_crowdsec = true` call sites,
and delete the now-unused `exclude_crowdsec` variable.

This is PR1 of a 2-phase removal: the reference is removed FIRST (a shared-module
change → full-cluster apply re-renders every ingress without the middleware) so
that PR2 can delete the `crowdsec` Middleware CRD + the plugin itself WITHOUT
leaving any ingress pointing at a missing middleware (which would error those
routers). PR2 MUST NOT land until this has fully applied and zero live ingresses
reference traefik-crowdsec@kubernetescrd.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

This commit is contained in:

Viktor Barzin

2026-06-21 00:15:12 +00:00

parent 9774ae3d19

commit 84a18a5529

7 changed files with 15 additions and 34 deletions

									
										1

stacks/authentik/guest.tf
									
										View file
										
				@ -211,7 +211,6 @@ module "ingress_public_outpost" {

				  tls_secret_name  = var.tls_secret_name

				  dns_type         = "proxied"

				  anti_ai_scraping = false

				  exclude_crowdsec = true

				  homepage_enabled = false

				  depends_on       = [authentik_outpost.public]

				}

Rows
Columns

traefik/crowdsec: remove dead Yaegi-plugin middleware reference (PR1/2)

1 stacks/authentik/guest.tf Unescape Escape View file

1

stacks/authentik/guest.tf

View file