[ci skip] Fix CrowdSec pods failing due to priority class mismatch

Kyverno injects priorityClassName tier-1-cluster on pods in the crowdsec
namespace, but pods had no explicit priorityClassName set, defaulting
priority to 0. Admission controller rejected the mismatch (0 vs 800000).

Set priorityClassName on LAPI, agent (Helm values) and crowdsec-web
(Terraform deployment).

modules/kubernetes/crowdsec/main.tf

@@ -133,6 +133,7 @@ resource "kubernetes_deployment" "crowdsec-web" {
         }
       }
       spec {
+        priority_class_name = "tier-1-cluster"
         container {
           name  = "crowdsec-web"
           image = "viktorbarzin/crowdsec_web"

modules/kubernetes/crowdsec/values.yaml

@@ -2,6 +2,7 @@
 container_runtime: containerd
 
 agent:
+  priorityClassName: "tier-1-cluster"
   # To specify each pod you want to process it logs (pods present in the node)
   acquisition:
     # The namespace where the pod is located
@@ -43,6 +44,7 @@ agent:
       configMap:
         name: crowdsec-whitelist
 lapi:
+  priorityClassName: "tier-1-cluster"
   replicas: 3
   extraSecrets:
     dbPassword: "${DB_PASSWORD}"

modules/kubernetes/main.tf

@@ -253,6 +253,8 @@ module "f1-stream" {
   for_each        = contains(local.active_modules, "f1-stream") ? { f1-stream = true } : {}
   tls_secret_name = var.tls_secret_name
   tier            = local.tiers.aux
+  turn_secret     = var.coturn_turn_secret
+  public_ip       = var.public_ip
 
   depends_on = [null_resource.core_services]
 }
@@ -263,6 +265,7 @@ module "coturn" {
   tls_secret_name = var.tls_secret_name
   tier            = local.tiers.edge
   turn_secret     = var.coturn_turn_secret
+  public_ip       = var.public_ip
 
   depends_on = [null_resource.core_services]
 }