With the plugin on v1.6.0 the stream goroutine finally runs, and its slog output revealed the real blocker: `handleStreamTicker ... isCrowdsecStreamHealthy:true cache:unreachable`. The LAPI stream is healthy, but the plugin's redis client cannot reach the cache under Traefik's Yaegi interpreter — even though redis-master.redis.svc is reachable AND writable from the traefik namespace (SET/GET verified via busybox; no NetworkPolicies; no auth). Same interpreter-incompat class as the stream goroutine itself. With redisCacheUnreachableBlock=false the bouncer then failed open and enforced nothing.

Disable the redis cache so the plugin uses its in-memory decision store (works under Yaegi). Removes redisCacheHost/redisCacheUnreachableBlock.

Trade-off: captcha already-solved grace is per-pod across the 3 Traefik replicas (at worst an occasional re-solve) — acceptable; bans/captcha decisions enforce correctly.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>