infra

History

Viktor Barzin 6139052104 [ci skip] add graceful degradation to CrowdSec bouncer middleware P0: Set updateMaxFailure=-1 (fail-open) Previously defaulted to 0 which blocked ALL traffic on first LAPI failure. Now serves from cached decisions when LAPI is unreachable. P1: Enable Redis cache for CrowdSec decisions Decisions are now shared across all 3 Traefik replicas and survive pod restarts. redisCacheUnreachableBlock=false prevents Redis from becoming another SPOF. P1: Add clientTrustedIPs for internal cluster traffic Node CIDR (10.0.20.0/24) and pod CIDR (10.10.0.0/16) bypass CrowdSec entirely, preventing internal cascade failures.	2026-03-01 02:36:53 +00:00
..
main.tf	[ci skip] add graceful degradation to CrowdSec bouncer middleware	2026-03-01 02:36:53 +00:00
middleware.tf	[ci skip] add graceful degradation to CrowdSec bouncer middleware	2026-03-01 02:36:53 +00:00

Viktor Barzin 6139052104 [ci skip] add graceful degradation to CrowdSec bouncer middleware

P0: Set updateMaxFailure=-1 (fail-open)
  Previously defaulted to 0 which blocked ALL traffic on first LAPI
  failure. Now serves from cached decisions when LAPI is unreachable.

P1: Enable Redis cache for CrowdSec decisions
  Decisions are now shared across all 3 Traefik replicas and survive
  pod restarts. redisCacheUnreachableBlock=false prevents Redis from
  becoming another SPOF.

P1: Add clientTrustedIPs for internal cluster traffic
  Node CIDR (10.0.20.0/24) and pod CIDR (10.10.0.0/16) bypass
  CrowdSec entirely, preventing internal cascade failures.

2026-03-01 02:36:53 +00:00

main.tf

[ci skip] add graceful degradation to CrowdSec bouncer middleware

2026-03-01 02:36:53 +00:00

middleware.tf

[ci skip] add graceful degradation to CrowdSec bouncer middleware

2026-03-01 02:36:53 +00:00