No introduction found. Create it?
Install with:
helm repo add crowdsec https://crowdsecurity.github.io/helm-charts/
helm install crowdsec crowdsec/crowdsec -f values.yamlSee examples from other people.
| Name | Repo | Stars | Version | Timestamp |
|---|---|---|---|---|
| crowdsec | xunholy/k8s-gitops | 620 | 0.22.0 | 14 days ago |
| crowdsec | pascaliske/infrastructure | 69 | 0.22.0 | 22 days ago |
See the most popular values for this chart:
| Key | Types |
|---|---|
container_runtime (6) containerd | string |
| boolean | |
| boolean | |
| boolean | |
| boolean | |
lapi.dashboard.ingress.host (3) crowdsec.${DOMAIN_0} | string |
| string | |
| string | |
| string | |
| string | |
| string | |
lapi.dashboard.ingress.annotations."traefik.ingress.kubernetes.io/router.middlewares" (2) traefik-chain-basic@kubernetescrd,traefik-bouncer@kubernetescrd,traefik-local@kubernetescrd | string |
| string | |
| string | |
lapi.dashboard.ingress.tls[].hosts[] (1) - crowdsec-dashboard.${SECRET_DOMAIN} | string |
lapi.env[].name (5) DISABLE_ONLINE_API | string |
lapi.env[].value (5) false | string |
| string | |
lapi.env[].valueFrom.secretKeyRef.name (2) crowdsec-secret | string |
| boolean | |
lapi.persistentVolume.config.accessModes[] (2) - ReadWriteOnce | string |
| string | |
lapi.persistentVolume.config.existingClaim (1) crowdsec-config-pvc | string |
| string | |
| boolean | |
lapi.persistentVolume.data.accessModes[] (2) - ReadWriteOnce | string |
| string | |
lapi.persistentVolume.data.existingClaim (1) crowdsec-db-pvc | string |
| string | |
| boolean | |
lapi.ingress.host (1) crowdsec.${SECRET_DOMAIN} | string |
| string | |
lapi.ingress.tls[].hosts[] (1) - crowdsec.${SECRET_DOMAIN} | string |
| string | |
| string | |
| string | |
lapi.extraVolumeMounts[].mountPath (1) /etc/crowdsec_data/notifications/http.yaml | string |
lapi.extraVolumeMounts[].name (1) http-config | string |
| boolean | |
lapi.extraVolumes[].hostPath.path (1) /home/elraro/home-ops/volumes/crowdsec/http.yaml | string |
lapi.extraVolumes[].name (1) http-config | string |
| string | |
| string | |
| string | |
| string | |
agent.acquisition[].podName (5) traefik-* | string |
| string | |
| boolean | |
| boolean | |
agent.env[].name (4) PARSERS | string |
agent.env[].value (4) crowdsecurity/cri-logs | string |
agent.additionalAcquisition[].filenames[] (1) - /nextcloud.log | string |
| string | |
| string | |
| boolean | |
agent.enabled (1) false | boolean |
agent.extraVolumeMounts[].mountPath (1) /nextcloud.log | string |
agent.extraVolumeMounts[].name (1) nextcloud-log | string |
agent.extraVolumeMounts[].readOnly (1) true | boolean |
agent.extraVolumes[].hostPath.path (1) /mnt/sdc1/nextcloud/data/nextcloud.log | string |
agent.extraVolumes[].name (1) nextcloud-log | string |
| boolean | |
agent.persistentVolume.config.existingClaim (1) crowdsec-agent-config-pvc | string |
agent.tolerations[].effect (1) NoSchedule | string |
agent.tolerations[].key (1) node-role.kubernetes.io/control-plane | string |
| string | |
tls.enabled (3) true | boolean |
| string | |
image.pullPolicy (2) IfNotPresent | string |
image.repository (2) ghcr.io/crowdsecurity/crowdsec | string |
image.tag (2) v1.7.6 | string |
config."config.yaml.local" (1) api:
server:
auto_registration: # Activate if not using TLS for authentication
enabled: true
token: "${REGISTRATION_TOKEN}" # /!\ Do not modify this variable (auto-generated and handled by the chart)
allowed_ranges: # /!\ Make sure to adapt to the pod IP ranges used by your cluster
- "127.0.0.1/32"
- "10.42.0.0/16"
| string |
config."profiles.yaml" (1) name: default_ip_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
- type: ban
duration: 4h
notifications:
- http_default
on_success: break
| string |
| boolean | |
reflector.env[].name (1) OPNSENSE_URL | string |
reflector.env[].value (1) https://opnsense.${SECRET_DOMAIN} | string |
reflector.env[].valueFrom.secretKeyRef.key (1) opnsense-api-key | string |
reflector.env[].valueFrom.secretKeyRef.name (1) crowdsec-secret | string |