crowdsec helm

No introduction found. Create it?

Install

Install with:

helm repo add crowdsec oci://ghcr.io/bjw-s-labs/charts/
helm install crowdsec crowdsec/crowdsec -f values.yaml

Examples

See examples from other people.

Top Repositories (2 out of 7)

NameRepoStarsVersionTimestamp
crowdsecm00nwtchr/homelab-cluster360.20.15 months ago
crowdsecToaHartor/maisonneux430.20.16 months ago

Values

See the most popular values for this chart:

KeyTypes
container_runtime (6)
containerd
string
config."config.yaml.local" (5)
api: server: auto_registration: enabled: true token: ${REGISTRATION_TOKEN} allowed_ranges: - ${POD_CIDR} db_config: type: postgresql user: ${DB_USERNAME} password: ${DB_PASSWORD} db_name: ${DB_NAME} host: ${DB_HOST} port: 5432
string
config."profiles.yaml" (3)
name: default_ip_remediation debug: false filters: - Alert.Remediation == true && Alert.GetScope() == "Ip" decisions: - type: ban duration: 24h on_success: break
string
config."agent_config.yaml.local" (2)
api: client: unregister_on_exit: true
string
config."appsec_config.yaml.local" (2)
api: client: unregister_on_exit: true
string
config."console.yaml" (2)
share_manual_decisions: false share_custom: true share_tainted: true share_context: true
string
config.parsers.s01-parse."envoy-logs.yaml" (2)
filter: "evt.Parsed.program startsWith 'envoy' && evt.Parsed.message contains ':authority'" onsuccess: next_stage name: hydaz/envoy-logs description: "Parse Envoy access logs to match nginx parser outputs" statics: - parsed: json expression: UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, "envoy") - parsed: time_local expression: evt.Unmarshaled.envoy["start_time"] - parsed: remote_addr expression: Split(evt.Unmarshaled.envoy["x-forwarded-for"], ",")[0] - parsed: verb expression: evt.Unmarshaled.envoy["method"] - parsed: request expression: evt.Unmarshaled.envoy["x-envoy-origin-path"] - parsed: http_version expression: TrimPrefix(evt.Unmarshaled.envoy["protocol"], "HTTP/") - parsed: status expression: Sprintf('%.0f', evt.Unmarshaled.envoy["response_code"]) - parsed: body_bytes_sent expression: Sprintf('%.0f', evt.Unmarshaled.envoy["bytes_sent"]) - parsed: http_user_agent expression: evt.Unmarshaled.envoy["user-agent"] - parsed: target_fqdn expression: evt.Unmarshaled.envoy[":authority"] - meta: service value: http - meta: log_type value: http_access-log - meta: source_ip expression: evt.Parsed.remote_addr - meta: http_status expression: evt.Parsed.status - meta: http_path expression: evt.Parsed.request - meta: http_verb expression: evt.Parsed.verb - meta: http_user_agent expression: evt.Parsed.http_user_agent - meta: target_fqdn expression: evt.Parsed.target_fqdn
string
config.parsers.s02-enrich."envoy-418-whitelist.yaml" (2)
name: hydaz/envoy-418-whitelist description: "Whitelist 418 responses from the envoy bouncer to prevent processing already banned IPs" filter: "evt.Meta.service == 'http' && evt.Meta.log_type == 'http_access-log'" whitelist: reason: "envoy bouncer response to already banned ips" expression: - "evt.Meta.http_status == '418'"
string
config.parsers.s02-enrich."wordpress-api-whitelist.yaml" (1)
name: hydaz/wordpress-api-whitelist description: "Whitelist legitimate WordPress API calls" filter: "evt.Meta.service == 'http' && evt.Meta.log_type == 'http_access-log'" whitelist: reason: "legitimate wordpress api call" expression: - "evt.Meta.http_path contains '/wp-json/wp/v2/posts' && evt.Meta.http_path contains 'context=edit' && evt.Meta.http_status == '200'"
string
config.notifications."http.yaml" (1)
type: http name: http_victorialogs log_level: info # JSON Lines 格式要求每条记录必须是单行 # 字段说明: # _msg: 消息内容, _time: 时间戳(毫秒), instance: 实例名 # country: 国家, asname: AS名称, asnumber: AS号 # latitude/longitude: 经纬度, iprange: IP范围 # scenario: 场景, type: 类型, duration: 时长, scope: 范围, ip: IP地址 format: | {{- range $Alert := . -}} {{- range .Decisions }} {"_msg":"CrowdSec Decision: {{.Scenario}}","_time":"{{now | unixEpoch}}000","instance":"k8s","country":{{$Alert.Source.Cn | toJson}},"asname":{{$Alert.Source.AsName | toJson}},"asnumber":"{{$Alert.Source.AsNumber}}","latitude":"{{$Alert.Source.Latitude}}","longitude":"{{$Alert.Source.Longitude}}","iprange":{{$Alert.Source.Range | toJson}},"scenario":{{.Scenario | toJson}},"type":{{.Type | toJson}},"duration":{{.Duration | toJson}},"scope":{{.Scope | toJson}},"ip":{{.Value | toJson}}} {{- end }} {{- end -}} url: http://victoria-logs-server.observability.svc.cluster.local:9428/insert/jsonline?_stream_fields=instance,scenario method: POST headers: Content-Type: application/stream+json
string
config.notifications."wecom.yaml" (1)
type: http name: http_wecom log_level: info format: | {{- range $Alert := . -}} {{- range .Decisions }} { "msgtype": "markdown", "markdown": { "content": "🚨 **CrowdSec 安全告警**\n> **场景**: {{ .Scenario }}\n> **IP**: {{ .Value }}\n> **国家**: {{ $Alert.Source.Cn }}\n> **ASN**: {{ $Alert.Source.AsName }} ({{ $Alert.Source.AsNumber }})\n> **封禁时长**: {{ .Duration }}\n> **类型**: {{ .Type }}" } } {{- end }} {{- end -}} url: https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=${WECOM_BOT_TOKEN} method: POST headers: Content-Type: application/json
string
config.postoverflows.s01-whitelist."01-whitelist-home.yaml" (1)
name: crowdsec/whitelist-home description: "Whitelist home IP ranges" whitelist: reason: "Home networks" cidr: - "10.0.0.0/16" - "${CLUSTER_POD_CIDR}"
string
lapi.env[].name (5)
TZ
ENROLL_INSTANCE_NAME
DB_TYPE
DB_PORT
string
lapi.env[].value (4)
${TIMEZONE}
cluster
postgresql
5432
string
lapi.env[].valueFrom.secretKeyRef.key (2)
csLapiSecret
password
string
lapi.env[].valueFrom.secretKeyRef.name (2)
crowdsec-lapi-secrets
${APP}-db-creds
string
lapi.metrics.serviceMonitor.enabled (5)
true
boolean
lapi.metrics.enabled (4)
true
boolean
lapi.persistentVolume.config.enabled (5)
false
boolean
lapi.persistentVolume.config.accessModes[] (1)
- ReadWriteOnce
string
lapi.persistentVolume.config.existingClaim (1)
crowdsec
string
lapi.persistentVolume.config.size (1)
100Mi
string
lapi.persistentVolume.config.subPath (1)
config
string
lapi.persistentVolume.data.enabled (5)
false
boolean
lapi.persistentVolume.data.accessModes[] (1)
- ReadWriteOnce
string
lapi.persistentVolume.data.existingClaim (1)
crowdsec-data
string
lapi.persistentVolume.data.size (1)
1Gi
string
lapi.envFrom[].secretRef.name (3)
crowdsec-secret
string
lapi.resources.requests.cpu (3)
100m
string
lapi.resources.requests.memory (2)
256Mi
string
lapi.resources.limits.memory (2)
512Mi
string
lapi.strategy.type (3)
RollingUpdate
string
lapi.replicas (2)
2
number
lapi.service.annotations."lbipam.cilium.io/ips" (2)
${CROWDSEC_LB_IP}
string
lapi.service.type (2)
LoadBalancer
string
lapi.service.externalTrafficPolicy (1)
Local
string
lapi.storeCAPICredentialsInSecret (2)
false
boolean
lapi.dashboard.enabled (1)
false
boolean
lapi.deployAnnotations."configmap.reloader.stakater.com/auto" (1)
true
string
lapi.deployAnnotations."secret.reloader.stakater.com/reload" (1)
${SECRET_KEY_NAME},${APP}-db-creds
string
lapi.extraInitContainers[].envFrom[].secretRef.name (1)
crowdsec-init-db-secret
string
lapi.extraInitContainers[].image (1)
ghcr.io/home-operations/postgres-init:18@sha256:5086f94abc783f1147d7c2a32c01db00ab594820026e4f6a82ac2af3dbde7fc7
string
lapi.extraInitContainers[].name (1)
init-db
string
lapi.podLabels."app.kubernetes.io/name" (1)
crowdsec-lapi
string
lapi.podSecurityContext.seccompProfile.type (1)
RuntimeDefault
string
lapi.securityContext.allowPrivilegeEscalation (1)
false
boolean
lapi.securityContext.capabilities.drop[] (1)
- ALL
string
lapi.securityContext.privileged (1)
false
boolean
lapi.storeLAPICscliCredentialsInSecret (1)
true
boolean
agent.acquisition[].namespace (4)
network
string
agent.acquisition[].podName (4)
envoy-*
string
agent.acquisition[].program (4)
envoy
string
agent.acquisition[].poll_without_inotify (2)
true
boolean
agent.env[].name (4)
COLLECTIONS
PARSERS
TZ
string
agent.env[].value (4)
crowdsecurity/base-http-scenarios crowdsecurity/http-cve
crowdsecurity/cri-logs
${TIMEZONE}
string
agent.metrics.serviceMonitor.enabled (4)
true
boolean
agent.metrics.enabled (3)
true
boolean
agent.enabled (2)
true
boolean
agent.resources.requests.cpu (2)
100m
string
agent.resources.requests.memory (1)
128Mi
string
agent.resources.limits.memory (1)
256Mi
string
agent.additionalAcquisition[].labels.type (1)
syslog
string
agent.additionalAcquisition[].listen_addr (1)
0.0.0.0
string
agent.additionalAcquisition[].listen_port (1)
514
number
agent.additionalAcquisition[].source (1)
syslog
string
agent.hostVarLog (1)
false
boolean
agent.isDeployment (1)
true
boolean
agent.persistentVolume.config.enabled (1)
false
boolean
agent.podSecurityContext.seccompProfile.type (1)
RuntimeDefault
string
agent.replicas (1)
2
number
agent.securityContext.allowPrivilegeEscalation (1)
false
boolean
agent.securityContext.capabilities.drop[] (1)
- ALL
string
agent.securityContext.privileged (1)
false
boolean
agent.service.annotations."lbipam.cilium.io/ips" (1)
${CROWDSEC_AGENT_LB_IP}
string
agent.service.ports[].name (1)
syslog
string
agent.service.ports[].port (1)
514
number
agent.service.ports[].protocol (1)
UDP
string
agent.service.ports[].targetPort (1)
514
number
agent.service.type (1)
LoadBalancer
string
agent.strategy.type (1)
RollingUpdate
string
agent.wait_for_lapi.securityContext.allowPrivilegeEscalation (1)
false
boolean
agent.wait_for_lapi.securityContext.capabilities.drop[] (1)
- ALL
string
agent.wait_for_lapi.securityContext.privileged (1)
false
boolean
appsec.enabled (4)
true
boolean
appsec.acquisitions[].appsec_config (2)
crowdsecurity/appsec-default
string
appsec.acquisitions[].labels.type (2)
appsec
string
appsec.acquisitions[].listen_addr (2)
0.0.0.0:7422
string
appsec.acquisitions[].path (2)
/
string
appsec.acquisitions[].source (2)
appsec
string
appsec.env[].name (2)
COLLECTIONS
string
appsec.env[].value (2)
crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-crs crowdsecurity/appsec-generic-rules
string
appsec.strategy.type (2)
RollingUpdate
string
appsec.metrics.enabled (1)
true
boolean
appsec.metrics.serviceMonitor.enabled (1)
true
boolean
appsec.podSecurityContext.seccompProfile.type (1)
RuntimeDefault
string
appsec.replicas (1)
2
number
appsec.resources.limits.memory (1)
256Mi
string
appsec.resources.requests.cpu (1)
100m
string
appsec.resources.requests.memory (1)
128Mi
string
appsec.securityContext.allowPrivilegeEscalation (1)
false
boolean
appsec.securityContext.capabilities.drop[] (1)
- ALL
string
appsec.securityContext.privileged (1)
false
boolean
appsec.service.type (1)
ClusterIP
string
appsec.wait_for_lapi.securityContext.allowPrivilegeEscalation (1)
false
boolean
appsec.wait_for_lapi.securityContext.capabilities.drop[] (1)
- ALL
string
appsec.wait_for_lapi.securityContext.privileged (1)
false
boolean
controllers.crowdsec.annotations."reloader.stakater.com/auto" (1)
true
string
controllers.crowdsec.containers.app.env.CROWDSEC_BYPASS_DB_VOLUME_CHECK (1)
true
string
controllers.crowdsec.containers.app.env.CUSTOM_HOSTNAME (1)
crowdsec-lapi
string
controllers.crowdsec.containers.app.env.DISABLE_AGENT (1)
true
string
controllers.crowdsec.containers.app.env.DISABLE_ONLINE_API (1)
true
string
controllers.crowdsec.containers.app.env.POSTGRES_PASSWORD.valueFrom.secretKeyRef.key (1)
password
string
controllers.crowdsec.containers.app.env.POSTGRES_PASSWORD.valueFrom.secretKeyRef.name (1)
crowdsec-postgres
string
controllers.crowdsec.containers.app.envFrom[].secretRef.name (1)
crowdsec
string
controllers.crowdsec.containers.app.image.repository (1)
docker.io/crowdsecurity/crowdsec
string
controllers.crowdsec.containers.app.image.tag (1)
v1.7.8@sha256:2f527c9bb8b367120eb08b82890aa912ce96bfa1ada93dda0721700e4b4e0dde
string
controllers.crowdsec.containers.app.probes.liveness.custom (1)
true
boolean
controllers.crowdsec.containers.app.probes.liveness.enabled (1)
true
boolean
controllers.crowdsec.containers.app.probes.liveness.spec.failureThreshold (1)
3
number
controllers.crowdsec.containers.app.probes.liveness.spec.httpGet.path (1)
/health
string
controllers.crowdsec.containers.app.probes.liveness.spec.httpGet.port (1)
8080
number
controllers.crowdsec.containers.app.probes.liveness.spec.initialDelaySeconds (1)
10
number
controllers.crowdsec.containers.app.probes.liveness.spec.periodSeconds (1)
15
number
controllers.crowdsec.containers.app.probes.liveness.spec.timeoutSeconds (1)
1
number
controllers.crowdsec.containers.app.probes.readiness.custom (1)
true
boolean
controllers.crowdsec.containers.app.probes.readiness.enabled (1)
true
boolean
controllers.crowdsec.containers.app.probes.readiness.spec.failureThreshold (1)
3
number
controllers.crowdsec.containers.app.probes.readiness.spec.httpGet.path (1)
/health
string
controllers.crowdsec.containers.app.probes.readiness.spec.httpGet.port (1)
8080
number
controllers.crowdsec.containers.app.probes.readiness.spec.initialDelaySeconds (1)
10
number
controllers.crowdsec.containers.app.probes.readiness.spec.periodSeconds (1)
15
number
controllers.crowdsec.containers.app.probes.readiness.spec.timeoutSeconds (1)
1
number
controllers.crowdsec.containers.app.resources.limits.memory (1)
256Mi
string
controllers.crowdsec.containers.app.resources.requests.cpu (1)
25m
string
controllers.crowdsec.containers.app.resources.requests.memory (1)
128Mi
string
controllers.crowdsec.containers.app.securityContext.allowPrivilegeEscalation (1)
false
boolean
controllers.crowdsec.containers.app.securityContext.capabilities.drop[] (1)
- ALL
string
controllers.crowdsec.containers.app.securityContext.readOnlyRootFilesystem (1)
true
boolean
controllers.crowdsec.strategy (1)
Recreate
string
defaultPodOptions.automountServiceAccountToken (1)
false
boolean
defaultPodOptions.securityContext.fsGroup (1)
1000
number
defaultPodOptions.securityContext.fsGroupChangePolicy (1)
OnRootMismatch
string
defaultPodOptions.securityContext.runAsGroup (1)
1000
number
defaultPodOptions.securityContext.runAsNonRoot (1)
true
boolean
defaultPodOptions.securityContext.runAsUser (1)
1000
number
deploymentAnnotations."configmap.reloader.stakater.com/auto" (1)
true
string
deploymentAnnotations."secret.reloader.stakater.com/reload" (1)
${SECRET_KEY_NAME},${APP}-db-creds
string
image.pullPolicy (1)
IfNotPresent
string
image.repository (1)
ghcr.io/crowdsecurity/crowdsec
string
persistence.config-local.advancedMounts.crowdsec.app[].path (1)
/etc/crowdsec/config.yaml.local
string
persistence.config-local.advancedMounts.crowdsec.app[].readOnly (1)
true
boolean
persistence.config-local.advancedMounts.crowdsec.app[].subPath (1)
config.yaml.local
string
persistence.config-local.name (1)
crowdsec-config-local
string
persistence.config-local.type (1)
configMap
string
persistence.data.globalMounts[].path (1)
/var/lib/crowdsec/data
string
persistence.data.type (1)
emptyDir
string
persistence.etc-crowdsec.globalMounts[].path (1)
/etc/crowdsec
string
persistence.etc-crowdsec.type (1)
emptyDir
string
persistence.tmp.globalMounts[].path (1)
/tmp
string
persistence.tmp.type (1)
emptyDir
string
persistence.varlog.globalMounts[].path (1)
/var/log
string
persistence.varlog.type (1)
emptyDir
string
podAnnotations."reloader.stakater.com/auto" (1)
true
string
secrets.externalSecret.csLapiSecretKey (1)
CROWDSEC_LAPI_SECRET
string
secrets.externalSecret.name (1)
crowdsec-secret
string
secrets.externalSecret.registrationTokenKey (1)
REGISTRATION_TOKEN
string
service.app.annotations."lbipam.cilium.io/ips" (1)
10.60.80.20
string
service.app.externalTrafficPolicy (1)
Local
string
service.app.loadBalancerSourceRanges[] (1)
- "10.20.0.147/32"
- "10.20.0.119/32"
string
service.app.ports.lapi.port (1)
8080
number
service.app.ports.metrics.port (1)
6060
number
service.app.type (1)
LoadBalancer
string
tls.enabled (1)
false
boolean