Delete Kubernetes/Traefik-Crowdsec-PiHole/Helm/CrowdSec/values.yaml
This commit is contained in:
tehNooB
GitHub
parent
012b8aefd6
commit
e7326a6308
|
|
@ -1,127 +0,0 @@
|
||||||
container_runtime: containerd
|
|
||||||
# Here you can specify your own custom configuration to be loaded in crowdsec agent or lapi
|
|
||||||
# Each config needs to be a multi-line using '|' in YAML specs
|
|
||||||
# for the agent those configs will be loaded : parsers, scenarios, postoverflows, simulation.yaml
|
|
||||||
# for the lapi those configs will be loaded : profiles.yaml, notifications, console.yaml
|
|
||||||
config:
|
|
||||||
profiles.yaml: |
|
|
||||||
name: default_ip_remediation
|
|
||||||
#debug: true
|
|
||||||
filters:
|
|
||||||
- Alert.Remediation == true && Alert.GetScope() == "Ip"
|
|
||||||
decisions:
|
|
||||||
- type: ban
|
|
||||||
duration: 4h
|
|
||||||
#duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
|
|
||||||
notifications:
|
|
||||||
# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
|
|
||||||
# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
|
|
||||||
- http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
|
|
||||||
# - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
|
|
||||||
notifications:
|
|
||||||
http.yaml: |
|
|
||||||
type: http # Don't change
|
|
||||||
name: http_default # Must match the registered plugin in the profile
|
|
||||||
|
|
||||||
# One of "trace", "debug", "info", "warn", "error", "off"
|
|
||||||
log_level: info
|
|
||||||
|
|
||||||
# group_wait: # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
|
|
||||||
# group_threshold: # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
|
|
||||||
# max_retry: # Number of attempts to relay messages to plugins in case of error
|
|
||||||
# timeout: # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
|
|
||||||
|
|
||||||
#-------------------------
|
|
||||||
# plugin-specific options
|
|
||||||
|
|
||||||
# The following template receives a list of models.Alert objects
|
|
||||||
# The output goes in the http request body
|
|
||||||
format: |
|
|
||||||
{{ range . -}}
|
|
||||||
{{ $alert := . -}}
|
|
||||||
{
|
|
||||||
"extras": {
|
|
||||||
"client::display": {
|
|
||||||
"contentType": "text/markdown"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"priority": 3,
|
|
||||||
{{range .Decisions -}}
|
|
||||||
"title": "{{.Type }} {{ .Value }} for {{.Duration}}",
|
|
||||||
"message": "{{.Scenario}} \n\n[crowdsec cti](https://app.crowdsec.net/cti/{{.Value -}}) \n\n[shodan](https://shodan.io/host/{{.Value -}})"
|
|
||||||
{{end -}}
|
|
||||||
}
|
|
||||||
{{ end -}}
|
|
||||||
|
|
||||||
# The plugin will make requests to this url, eg: https://www.example.com/
|
|
||||||
url: https://gotify.your-domain.co.uk/message # change this to your domain
|
|
||||||
|
|
||||||
# Any of the http verbs: "POST", "GET", "PUT"...
|
|
||||||
method: POST
|
|
||||||
|
|
||||||
headers:
|
|
||||||
X-Gotify-Key: SDFjsdfkjsdfsdjf # Add Gotify key here
|
|
||||||
Content-Type: application/json
|
|
||||||
skip_tls_verification: true
|
|
||||||
tls:
|
|
||||||
enabled: true
|
|
||||||
bouncer:
|
|
||||||
reflector:
|
|
||||||
namespaces: ["traefik"]
|
|
||||||
agent:
|
|
||||||
tolerations:
|
|
||||||
- key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Equal
|
|
||||||
effect: NoSchedule
|
|
||||||
# Specify each pod whose logs you want to process
|
|
||||||
acquisition:
|
|
||||||
# The namespace where the pod is located
|
|
||||||
- namespace: traefik
|
|
||||||
# The pod name
|
|
||||||
podName: traefik-*
|
|
||||||
# as in crowdsec configuration, we need to specify the program name to find a matching parser
|
|
||||||
program: traefik
|
|
||||||
env:
|
|
||||||
- name: PARSERS
|
|
||||||
value: "crowdsecurity/cri-logs crowdsecurity/whitelists"
|
|
||||||
- name: COLLECTIONS
|
|
||||||
value: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/home-assistant LePresidente/authelia Dominic-Wagner/vaultwarden crowdsecurity/unifi"
|
|
||||||
# When testing, allow bans on private networks
|
|
||||||
#- name: DISABLE_PARSERS
|
|
||||||
# value: "crowdsecurity/whitelists"
|
|
||||||
persistentVolume:
|
|
||||||
config:
|
|
||||||
enabled: false
|
|
||||||
nodeSelector:
|
|
||||||
worker: "true"
|
|
||||||
image:
|
|
||||||
pullPolicy: Always
|
|
||||||
lapi:
|
|
||||||
dashboard:
|
|
||||||
enabled: false
|
|
||||||
ingress:
|
|
||||||
host: dashboard.local
|
|
||||||
enabled: true
|
|
||||||
persistentVolume:
|
|
||||||
config:
|
|
||||||
enabled: true
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
memory: 200Mi
|
|
||||||
requests:
|
|
||||||
cpu: 250m
|
|
||||||
memory: 200Mi
|
|
||||||
env:
|
|
||||||
# For an internal test, disable the Online API
|
|
||||||
- name: DISABLE_ONLINE_API
|
|
||||||
value: "false"
|
|
||||||
- name: ENROLL_KEY
|
|
||||||
value: "ADD-YOUR-KEY-HERE"
|
|
||||||
- name: ENROLL_INSTANCE_NAME
|
|
||||||
value: "k3s_cluster"
|
|
||||||
- name: ENROLL_TAGS
|
|
||||||
value: "homelab"
|
|
||||||
nodeSelector:
|
|
||||||
worker: "true"
|
|
||||||
image:
|
|
||||||
pullPolicy: Always
|
|
||||||
Loading…
Reference in New Issue