49 lines
1.7 KiB
YAML
49 lines
1.7 KiB
YAML
container_runtime: containerd
|
|
|
|
agent:
|
|
# To specify each pod you want to process it logs (pods present in the node)
|
|
acquisition:
|
|
# The namespace where the pod is located
|
|
- namespace: ingress-nginx
|
|
# The pod name
|
|
podName: ingress-nginx-controller-*
|
|
# as in crowdsec configuration, we need to specify the program name so the parser will match and parse logs
|
|
program: nginx
|
|
# Those are ENV variables
|
|
env:
|
|
# As it's a test, we don't want to share signals with CrowdSec so disable the Online API.
|
|
- name: DISABLE_ONLINE_API
|
|
value: "true"
|
|
# As we are running Nginx, we want to install the Nginx collection
|
|
- name: COLLECTIONS
|
|
value: "crowdsecurity/nginx"
|
|
lapi:
|
|
env:
|
|
# As it's a test, we don't want to share signals with CrowdSec, so disable the Online API.
|
|
- name: DISABLE_ONLINE_API
|
|
value: "true"
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
# we only want http to the backend so we need this annotation
|
|
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
|
|
# labels: {}
|
|
ingressClassName: "nginx"
|
|
host: "crowdsec.viktorbarzin.me" # crowdsec-api.example.com
|
|
tls:
|
|
- hosts:
|
|
- crowdsec.viktorbarzin.me
|
|
secretName: "tls-secret"
|
|
dashboard:
|
|
# -- Enable Metabase Dashboard (by default disabled)
|
|
enabled: true
|
|
annotations:
|
|
# metabase only supports http so we need this annotation
|
|
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
|
|
# labels: {}
|
|
ingressClassName: "nginx" # nginx
|
|
host: "crowdsec.viktorbarzin.me" # crowdsec-api.example.com
|
|
tls:
|
|
- hosts:
|
|
- crowdsec.viktorbarzin.me
|
|
secretName: "tls-secret"
|