2025-12-28 10:17:04 +01:00
5 changed files with 45 additions and 35 deletions
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -89,12 +89,10 @@ jobs:
        with:
          namespace: kube-system
          secret-name: admin-basic-auth-credentials
-          secret-type: generic
+          secret-type: "kubernetes.io/basic-auth"
-          data: |
+          string-data: |
-            {
+            username: netadmin
-              "username": "bmV0YWRtaW4=",
+            password: "${{ secrets.ADMIN_BASIC_AUTH_PASSWORD }}"
              "password": "${{ secrets.ADMIN_BASIC_AUTH_PASSWORD }}"
            }
      - name: Set crowdsec bouncer api key
        uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5
        with:
--- a/traefik/middleware-adminbasicauth.yaml
+++ b/traefik/middleware-adminbasicauth.yaml
@@ -0,0 +1,8 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: adminbasicauth
  namespace: kube-system
 spec:
  basicAuth:
    secret: admin-basic-auth-credentials
--- a/traefik/middleware-crowdsec-bouncher.yaml
+++ b/traefik/middleware-crowdsec-bouncher.yaml
@@ -0,0 +1,13 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
    name: crowdsec-bouncer
    namespace: kube-system
 spec:
    plugin:
        crowdsec-bouncer-traefik-plugin:
            Enabled: true
            CrowdsecMode: live
            CrowdsecLapiUrl: "http://crowdsec-service.kube-system.svc.cluster.local:8080"
            CrowdsecLapiKey: "${CROWDSEC_BOUNCER_API_KEY}"
            UpdateIntervalSeconds: 10
--- a/traefik/middleware-local-ip-filter.yaml
+++ b/traefik/middleware-local-ip-filter.yaml
@@ -0,0 +1,11 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: localipfilter
  namespace: kube-system
 spec:
  ipWhiteList:
    sourceRange:
      - 192.168.0.0/24
      - 172.16.0.0/16
      - 10.0.0.0/8
--- a/traefik/traefik-config.yaml
+++ b/traefik/traefik-config.yaml
@@ -69,32 +69,12 @@ spec:
      size: 1Gi
      storageClass: longhorn
      path: /data
-    extraObjects:
+    #experimental:
-      - apiVersion: traefik.containo.us/v1alpha1
+    #  plugins:
-        kind: Middleware
+    #    crowdsec-bouncer-traefik-plugin:
-        metadata:
+    #      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
-          name: localipfilter
+    #      version: v1.4.6
-          namespace: kube-system
+    #additionalArguments:
-        spec:
+    #  - "--providers.kubernetescrd"
-          ipWhiteList:
+    #  - "--entrypoints.web.http.middlewares=crowdsec-bouncer@kubernetescrd"
-            sourceRange:
+    #  - "--entrypoints.websecure.http.middlewares=kube-system-crowdsec-bouncer@kubernetescrd"
              - 192.168.0.0/24
              - 172.16.0.0/16
              - 10.0.0.0/8
      - apiVersion: traefik.containo.us/v1alpha1
        kind: Middleware
        metadata:
          name: adminbasicauth
          namespace: kube-system
        spec:
          basicAuth:
            secret: adminbasicauthsecret
    experimental:
      plugins:
        crowdsec-bouncer-traefik-plugin:
          moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
          version: v1.4.6
    additionalArguments:
      - "--providers.kubernetescrd"
      - "--entrypoints.web.http.middlewares=crowdsec-bouncer@kubernetescrd"
      - "--entrypoints.websecure.http.middlewares=internal-crowdsec-bouncer@kubernetescrd"