crowdsec: firewall-bouncer cluster-wide (remove node2 pin) #7

Merged
viktor merged 1 commit from wizard/cs-fw-allnodes into master 2026-06-21 00:08:16 +00:00
Owner

One-node validation passed (kernel nft verified); remove nodeSelector so the bouncer runs on all nodes and survives VIP failover.

viktor added 1 commit 2026-06-21 00:07:58 +00:00
One-node validation on k8s-node2 passed: kernel nftables sets created in both
input and forward chains (policy accept), ~31k decisions loaded, a known banned
scanner confirmed in the drop set, pod stable 4h+ with no collateral. Remove the
nodeSelector so the DaemonSet runs on every node — direct-host enforcement now
survives a MetalLB VIP failover to any worker.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
viktor merged commit 9774ae3d19 into master 2026-06-21 00:08:16 +00:00
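
An added example, not code from this PR or its repository: a per-node check of the kind the commit message describes (drop rules backed by a set in both the input and forward hooks, and a known banned address present in that set), run over constructed `nft -j list ruleset` output. The table, chain and set names and the canary addresses are placeholders; range-type set elements are not handled.

```python
import ipaddress
import json

# Constructed sample shaped like `nft -j list ruleset` output. Table, chain and
# set names are placeholders for illustration, not values from the PR.
def _obj(kind, **kw):
    return {kind: {"family": "ip", "table": "example_tbl", **kw}}

def _drop_rule(chain):
    saddr = {"payload": {"protocol": "ip", "field": "saddr"}}
    match = {"match": {"op": "==", "left": saddr, "right": "@banned"}}
    return _obj("rule", chain=chain, expr=[match, {"drop": None}])

SAMPLE = json.dumps({"nftables": [
    _obj("chain", name="in", type="filter", hook="input", policy="accept"),
    _obj("chain", name="fwd", type="filter", hook="forward", policy="accept"),
    _obj("set", name="banned", type="ipv4_addr", flags=["timeout"], elem=[
        {"elem": {"val": "203.0.113.7", "timeout": 3600, "expires": 1200}},
        {"prefix": {"addr": "198.51.100.0", "len": 24}}]),
    _drop_rule("in"), _drop_rule("fwd")]})

def _network(elem):
    """Normalise a plain, timeout-wrapped or prefix set element to a network."""
    if isinstance(elem, dict) and "elem" in elem:
        elem = elem["elem"]["val"]
    if isinstance(elem, dict) and "prefix" in elem:
        return ipaddress.ip_network(f"{elem['prefix']['addr']}/{elem['prefix']['len']}")
    return ipaddress.ip_network(elem)

def validate(ruleset_json, canary_ip):
    """Report which hooks lack a set-backed drop rule and whether canary_ip is banned."""
    objs = json.loads(ruleset_json)["nftables"]
    key = lambda o, name: (o["family"], o["table"], name)
    hooks = {key(o["chain"], o["chain"]["name"]): o["chain"].get("hook") for o in objs if "chain" in o}
    sets = {key(o["set"], o["set"]["name"]): o["set"].get("elem", []) for o in objs if "set" in o}
    canary, covered, banned = ipaddress.ip_address(canary_ip), set(), False
    for rule in (o["rule"] for o in objs if "rule" in o):
        expr = rule.get("expr", [])
        if not any("drop" in e for e in expr):
            continue  # only rules whose verdict is drop count as enforcement
        for e in expr:
            ref = e.get("match", {}).get("right")
            if isinstance(ref, str) and ref.startswith("@") and key(rule, ref[1:]) in sets:
                covered.add(hooks.get(key(rule, rule["chain"])))
                banned |= any(canary in _network(x) for x in sets[key(rule, ref[1:])])
    return {"missing_hooks": sorted({"input", "forward"} - covered),
            "canary_dropped": banned,
            "elements": sum(len(v) for v in sets.values())}
```

Feeding it the real `nft -j list ruleset` output from each node after the rollout gives a per-node pass/fail that can be compared across the cluster.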
Reference: viktor/infra#7