Add configuration override for lapi, and basic support for HA
erwanval committed Sep 20, 2023
1 parent 54314f9 commit dfb62cf
Showing 4 changed files with 42 additions and 0 deletions.
4 changes: 4 additions & 0 deletions charts/crowdsec/README.md
Expand Up @@ -45,6 +45,7 @@ helm delete crowdsec -n crowdsec
| config."simulation.yaml" | string | `""` | Simulation configuration (https://docs.crowdsec.net/docs/next/scenarios/simulation/) |
| config."console.yaml" | string | `""` | |
| config."capi_whitelists.yaml" | string | `""` | |
| config."config-override.yaml" | string | `""` | Override for common configuration parameters (https://docs.crowdsec.net/docs/configuration/crowdsec_configuration/#configuration-example) |
| config."profiles.yaml" | string | `""` | Profiles configuration (https://docs.crowdsec.net/docs/next/profiles/format/#profile-configuration-example) |
| config.notifications | object | `{}` | notifications configuration (https://docs.crowdsec.net/docs/next/notification_plugins/intro) |
| tls.enabled | bool | `false` | |
Expand All @@ -59,6 +60,7 @@ helm delete crowdsec -n crowdsec
| tls.lapi.secret | string | `"{{ .Release.Name }}-lapi-tls"` | |
| secrets.username | string | `""` | agent username (default is generated randomly) |
| secrets.password | string | `""` | agent password (default is generated randomly) |
| lapi.replicas | number | `1` | |
| lapi.env | list | `[]` | environment variables from crowdsecurity/crowdsec docker image |
| lapi.ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/backend-protocol":"HTTP"},"enabled":false,"host":"","ingressClassName":""}` | Enable ingress lapi object |
| lapi.dashboard.enabled | bool | `false` | Enable Metabase Dashboard (by default disabled) |
Expand All @@ -83,6 +85,8 @@ helm delete crowdsec -n crowdsec
| lapi.service.externalTrafficPolicy | string | `"Cluster"` | |
| lapi.nodeSelector | object | `{}` | nodeSelector for lapi |
| lapi.tolerations | object | `{}` | tolerations for lapi |
| lapi.affinity | object | `{}` | affinity for lapi |
| lapi.topologySpreadConstraints | object | `{}` | topologySpreadConstraints for lapi |
| lapi.metrics | object | `{"enabled":false,"serviceMonitor":{"enabled":false}}` | Enable service monitoring (exposes "metrics" port "6060" for Prometheus) |
| lapi.metrics.serviceMonitor | object | `{"enabled":false}` | See also: https://github.com/prometheus-community/helm-charts/issues/106#issuecomment-700847774 |
| lapi.strategy.type | string | `"RollingUpdate"` | |
10 changes: 10 additions & 0 deletions charts/crowdsec/templates/lapi-configmap.yaml
Expand Up @@ -31,6 +31,16 @@ data:
{{ printf "%+v" (index .Values.config "capi_whitelists.yaml") | indent 4 }}
{{ end }}
---
{{- if index .Values.config "config-override.yaml" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: crowdsec-config-override
data:
config.yaml.local: |
{{ printf "%+v" (index .Values.config "config-override.yaml") | indent 4 }}
{{ end }}
---
{{ if (include "notificationsIsNotEmpty" .) }}
apiVersion: v1
kind: ConfigMap
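Review bot: The override text is rendered into a ConfigMap (`kind: ConfigMap`, key `config.yaml.local`), while the example this commit adds to values.yaml is a `db_config` block with a `password` field, so a user who writes the password literally ends up with a database credential stored outside any Secret. The example's `${DB_PASSWORD}` reference avoids that, but nothing next to the template says so; I would add a template comment above the `if`, `{{- /* Stored in a ConfigMap: keep credentials as ${VAR} references, never as literal values */}}`, and repeat the caveat in the README row for `config."config-override.yaml"`. Separately, `name: crowdsec-config-override` is fixed rather than derived from the release name, so two releases in one namespace would share the object; this matches the `crowdsec-capi-whitelists` name visible in the deployment section, so it may be deliberate.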
15 changes: 15 additions & 0 deletions charts/crowdsec/templates/lapi-deployment.yaml
Expand Up @@ -10,6 +10,7 @@ metadata:
type: lapi
version: v1
spec:
replicas: {{ .Values.lapi.replicas }}
selector:
matchLabels:
k8s-app: {{ .Release.Name }}
Expand Down Expand Up @@ -182,6 +183,11 @@ spec:
mountPath: {{ $crowdsecConfig }}/capi_whitelists.yaml
subPath: capi_whitelists.yaml
{{ end }}
{{ if index .Values.config "config-override.yaml" }}
- name: crowdsec-config-override-volume
mountPath: {{ $crowdsecConfig }}/config.yaml.local
subPath: config.yaml.local
{{ end }}
{{- if (include "notificationsIsNotEmpty" .) -}}
{{ range $fileName, $content := .Values.config.notifications -}}
{{- if $content }}
Expand Down Expand Up @@ -294,6 +300,11 @@ spec:
configMap:
name: crowdsec-capi-whitelists
{{- end }}
{{ if index .Values.config "config-override.yaml" }}
- name: crowdsec-config-override-volume
configMap:
name: crowdsec-config-override
{{- end }}
{{- if (include "notificationsIsNotEmpty" .) -}}
{{ range $fileName, $content := .Values.config.notifications -}}
{{- if $content }}
Expand Down Expand Up @@ -327,3 +338,7 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.lapi.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
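Review bot: `replicas: {{ .Values.lapi.replicas }}` allows several LAPI pods, but nothing in the visible hunks checks that a shared database has been configured through `config-override.yaml` when the value is above 1. If each replica falls back to its own local database (the storage setup is outside these hunks, so this needs confirming against the rest of the chart), decisions and bouncer or machine registrations would differ between pods behind the same Service, and a bouncer could be answered by a replica that does not hold a given ban. A guard at the top of the template would make the dependency explicit: `{{- if and (gt (int .Values.lapi.replicas) 1) (not (index .Values.config "config-override.yaml")) }}{{ fail "lapi.replicas > 1 needs a shared database set in config-override.yaml" }}{{ end }}`; if that is too strict, the same requirement should at least be stated in the `lapi.replicas` comment in values.yaml. The `spec:` mapping and the container definition start and end outside the hunks shown.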
13 changes: 13 additions & 0 deletions charts/crowdsec/values.yaml
Expand Up @@ -71,6 +71,17 @@ config:
# filters:
# - Alert.Remediation == true && Alert.GetScope() == "Ip"
# ...
# -- General configuration (https://docs.crowdsec.net/docs/configuration/crowdsec_configuration/#configuration-example)
config-override.yaml: ""
# |
# db_config:
# type: "postgresql"
# user: "crowdsec"
# password: "${DB_PASSWORD}"
# db_name: "crowdsec"
# host: "192.168.0.2"
# port: "5432"
# sslmode: "required"
# -- notifications configuration (https://docs.crowdsec.net/docs/next/notification_plugins/intro)
notifications: {}
# email.yaml: |
Expand Down Expand Up @@ -111,6 +122,8 @@ secrets:

# lapi will deploy pod with crowdsec lapi and dashboard as deployment
lapi:
# -- Replicas for lapi
replicas: 1
# -- environment variables from crowdsecurity/crowdsec docker image
env: []
# by default disable the agent because it only needs the local API.
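Review bot: The commented example under `config-override.yaml` uses `sslmode: "required"`, which is not one of the PostgreSQL mode names (`disable`, `allow`, `prefer`, `require`, `verify-ca`, `verify-full`); whether crowdsec accepts it as written is not visible on this page and should be checked against its configuration reference. Since users will copy this block, I would show a mode that also verifies the server certificate where the database presents one the LAPI can validate, for example `#   sslmode: "verify-full"`. The `password: "${DB_PASSWORD}"` line is the right pattern, and a short comment such as `# DB_PASSWORD is expected to be injected through lapi.env, ideally from a Secret` would say where the variable is meant to come from. The `config:` and `lapi:` mappings begin outside these hunks.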
