infra

Viktor Barzin c92590ae85 crowdsec: roll firewall-bouncer cluster-wide (remove node2 validation pin) One-node validation on k8s-node2 passed: kernel nftables sets created in both input and forward chains (policy accept), ~31k decisions loaded, a known banned scanner confirmed in the drop set, pod stable 4h+ with no collateral. Remove the nodeSelector so the DaemonSet runs on every node — direct-host enforcement now survives a MetalLB VIP failover to any worker. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-21 00:07:45 +00:00
..
crowdsec	crowdsec: roll firewall-bouncer cluster-wide (remove node2 validation pin)	2026-06-21 00:07:45 +00:00

Viktor Barzin c92590ae85 crowdsec: roll firewall-bouncer cluster-wide (remove node2 validation pin)

One-node validation on k8s-node2 passed: kernel nftables sets created in both
input and forward chains (policy accept), ~31k decisions loaded, a known banned
scanner confirmed in the drop set, pod stable 4h+ with no collateral. Remove the
nodeSelector so the DaemonSet runs on every node — direct-host enforcement now
survives a MetalLB VIP failover to any worker.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-21 00:07:45 +00:00

crowdsec

crowdsec: roll firewall-bouncer cluster-wide (remove node2 validation pin)

2026-06-21 00:07:45 +00:00