Merge remote-tracking branch 'origin/main' into feat-add-crowdsec

traefik/middleware-adminbasicauth.yaml

@@ -0,0 +1,8 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: adminbasicauth
+  namespace: kube-system
+spec:
+  basicAuth:
+    secret: admin-basic-auth-credentials

traefik/middleware-crowdsec-bouncher.yaml

@@ -0,0 +1,13 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+    name: crowdsec-bouncer
+    namespace: kube-system
+spec:
+    plugin:
+        crowdsec-bouncer-traefik-plugin:
+            Enabled: true
+            CrowdsecMode: live
+            CrowdsecLapiUrl: "http://crowdsec-service.kube-system.svc.cluster.local:8080"
+            CrowdsecLapiKey: "${CROWDSEC_BOUNCER_API_KEY}"
+            UpdateIntervalSeconds: 10

traefik/middleware-local-ip-filter.yaml

@@ -0,0 +1,11 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: localipfilter
+  namespace: kube-system
+spec:
+  ipWhiteList:
+    sourceRange:
+      - 192.168.0.0/24
+      - 172.16.0.0/16
+      - 10.0.0.0/8

traefik/traefik-config.yaml

@@ -69,32 +69,12 @@ spec:
       size: 1Gi
       storageClass: longhorn
       path: /data
-    extraObjects:
-      - apiVersion: traefik.containo.us/v1alpha1
-        kind: Middleware
-        metadata:
-          name: localipfilter
-          namespace: kube-system
-        spec:
-          ipWhiteList:
-            sourceRange:
-              - 192.168.0.0/24
-              - 172.16.0.0/16
-              - 10.0.0.0/8
-      - apiVersion: traefik.containo.us/v1alpha1
-        kind: Middleware
-        metadata:
-          name: adminbasicauth
-          namespace: kube-system
-        spec:
-          basicAuth:
-            secret: adminbasicauthsecret
-    experimental:
-      plugins:
-        crowdsec-bouncer-traefik-plugin:
-          moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
-          version: v1.4.6
-    additionalArguments:
-      - "--providers.kubernetescrd"
-      - "--entrypoints.web.http.middlewares=crowdsec-bouncer@kubernetescrd"
-      - "--entrypoints.websecure.http.middlewares=internal-crowdsec-bouncer@kubernetescrd"
+    #experimental:
+    #  plugins:
+    #    crowdsec-bouncer-traefik-plugin:
+    #      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
+    #      version: v1.4.6
+    #additionalArguments:
+    #  - "--providers.kubernetescrd"
+    #  - "--entrypoints.web.http.middlewares=crowdsec-bouncer@kubernetescrd"
+    #  - "--entrypoints.websecure.http.middlewares=kube-system-crowdsec-bouncer@kubernetescrd"