[ci skip] Fix CrowdSec pods failing due to priority class mismatch

Kyverno injects priorityClassName tier-1-cluster on pods in the crowdsec namespace, but pods had no explicit priorityClassName set, defaulting priority to 0. Admission controller rejected the mismatch (0 vs 800000). Set priorityClassName on LAPI, agent (Helm values) and crowdsec-web (Terraform deployment).
2026-02-21 19:18:15 +00:00 · 2026-02-21 19:18:15 +00:00 · de9c0869ba
commit de9c0869ba
parent fd6f9166a9
3 changed files with 6 additions and 0 deletions
--- a/modules/kubernetes/crowdsec/main.tf
+++ b/modules/kubernetes/crowdsec/main.tf
@ -133,6 +133,7 @@ resource "kubernetes_deployment" "crowdsec-web" {
        }
      }
      spec {
+        priority_class_name = "tier-1-cluster"
        container {
          name  = "crowdsec-web"
          image = "viktorbarzin/crowdsec_web"
--- a/modules/kubernetes/crowdsec/values.yaml
+++ b/modules/kubernetes/crowdsec/values.yaml
@ -2,6 +2,7 @@
 container_runtime: containerd

 agent:
+  priorityClassName: "tier-1-cluster"
  # To specify each pod you want to process it logs (pods present in the node)
  acquisition:
    # The namespace where the pod is located
@ -43,6 +44,7 @@ agent:
      configMap:
        name: crowdsec-whitelist
 lapi:
+  priorityClassName: "tier-1-cluster"
  replicas: 3
  extraSecrets:
    dbPassword: "${DB_PASSWORD}"