crowdsec: firewall-bouncer cluster-wide (remove node2 pin) #7

Merged

viktor merged 1 commit from wizard/cs-fw-allnodes into master

2026-06-21 00:08:16 +00:00

Author	SHA1	Message	Date
Viktor Barzin	c92590ae85	crowdsec: roll firewall-bouncer cluster-wide (remove node2 validation pin) One-node validation on k8s-node2 passed: kernel nftables sets created in both input and forward chains (policy accept), ~31k decisions loaded, a known banned scanner confirmed in the drop set, pod stable 4h+ with no collateral. Remove the nodeSelector so the DaemonSet runs on every node — direct-host enforcement now survives a MetalLB VIP failover to any worker. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-21 00:07:45 +00:00

Author

SHA1

Message

Date

Viktor Barzin

c92590ae85

crowdsec: roll firewall-bouncer cluster-wide (remove node2 validation pin)

One-node validation on k8s-node2 passed: kernel nftables sets created in both
input and forward chains (policy accept), ~31k decisions loaded, a known banned
scanner confirmed in the drop set, pod stable 4h+ with no collateral. Remove the
nodeSelector so the DaemonSet runs on every node — direct-host enforcement now
survives a MetalLB VIP failover to any worker.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-21 00:07:45 +00:00