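# Default values for crowdsec-chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# -- for raw logs format: json or cri (docker|containerd)
container_runtime: containerd
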
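image:
  # -- docker image repository name
  repository: crowdsecurity/crowdsec
  # -- pullPolicy
  pullPolicy: IfNotPresent
  # NOTE(review): an empty tag leaves version selection to the chart templates
  # (not visible in this file); set an explicit version or digest when
  # deployments must be reproducible.
  # -- docker image tag
  tag: ""
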
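# If you want to specify secrets that will be used for all your crowdsec-agents.
# Secrets can also be provided by env variables.
# Anything written here is kept in plain text wherever this values file is
# stored; prefer leaving both fields empty (random generation) or supplying
# them at install time instead of committing them.
secrets:
  # -- agent username (default is generated randomly)
  username: ""
  # -- agent password (default is generated randomly)
  password: ""
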
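# lapi will deploy pod with crowdsec lapi and dashboard as deployment
# NOTE(review): indentation restored from key order; verify the nesting
# (in particular `ingress` under `dashboard`) against the chart templates.
lapi:
  # -- environment variables from crowdsecurity/crowdsec docker image
  env: []
  # by default the agent is disabled here because this pod is only the local API.
  # - name: DISABLE_AGENT
  #   value: "true"
  dashboard:
    # NOTE(review): the description used to read "by default disabled" while
    # the value below is true; confirm which default is intended. The dashboard
    # presents security data, so turn it off where it is not used.
    # -- Enable Metabase Dashboard (enabled by default in this file)
    enabled: true
    image:
      # -- docker image repository name
      repository: loancrate/metabase
      # -- pullPolicy
      pullPolicy: IfNotPresent
      # NOTE(review): "latest" is a mutable tag, and with IfNotPresent each node
      # keeps whatever build it pulled first. Pin a specific version or image
      # digest so the deployed dashboard image is known and repeatable.
      # -- docker image tag
      tag: "latest"
    # NOTE(review): no integrity check (checksum/signature) for this archive is
    # visible in this file; confirm how the chart validates the download, or
    # serve a reviewed copy from a location you control.
    # -- Metabase SQLite static DB containing Dashboards
    assetURL: https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip

    # -- Enable ingress object
    ingress:
      enabled: false
      annotations:
        # metabase only supports http so we need this annotation
        # (it applies to the ingress-to-pod hop only)
        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      # labels: {}
      ingressClassName: "nginx"
      host: ""  # metabase.example.com
      # When the ingress is enabled, set `tls` so clients reach the dashboard
      # over HTTPS.
      # tls: {}

  resources:
    limits:
      memory: 100Mi
    requests:
      cpu: 150m
      memory: 100Mi
  # Both volumes below hold credentials (see their descriptions); limit who can
  # read the backing storage and its snapshots.
  # -- Enable persistent volumes
  persistentVolume:
    # -- Persistent volume for data folder. Stores e.g. registered bouncer api keys
    data:
      enabled: true
      accessModes:
        - ReadWriteOnce
      storageClassName: ""
      size: 1Gi
    # -- Persistent volume for config folder. Stores e.g. online api credentials
    config:
      enabled: true
      accessModes:
        - ReadWriteOnce
      storageClassName: ""
      size: 100Mi

  # -- nodeSelector for lapi
  nodeSelector: {}
  # NOTE(review): Kubernetes tolerations are a list; `[]` would be the matching
  # empty value. Left as-is pending a check of how the templates consume it.
  # -- tolerations for lapi
  tolerations: {}

  # -- Enable service monitoring (exposes "metrics" port "6060" for Prometheus)
  metrics:
    enabled: false
    # -- Creates a ServiceMonitor so Prometheus will monitor this service
    # -- Prometheus needs to be configured to watch on all namespaces for ServiceMonitors
    # -- See the documentation: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#prometheusioscrape
    # -- See also: https://github.com/prometheus-community/helm-charts/issues/106#issuecomment-700847774
    serviceMonitor:
      enabled: false

  strategy:
    type: RollingUpdate
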
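# agent will deploy pod on every node as daemonSet to read wanted pods logs
# NOTE(review): indentation restored from key order; verify the nesting
# against the chart templates.
agent:
  acquisition:
    # -- Specify each pod whose logs you want to process (namespace, podName and program)
    - namespace: kube-system
      # -- to select pod logs to process
      podName: nginx-nginx-ingress-*
      # -- program name related to specific parser you will use (see https://hub.crowdsec.net/author/crowdsecurity/configurations/docker-logs)
      program: nginx
  resources:
    limits:
      memory: 100Mi
    requests:
      cpu: 150m
      memory: 100Mi
  # NOTE(review): the agent runs on every node, while a ReadWriteOnce claim can
  # be mounted by a single node; confirm how the templates provision this
  # volume per pod.
  # -- Enable persistent volumes
  persistentVolume:
    # -- Persistent volume for config folder. Stores local config (parsers, scenarios etc.)
    config:
      enabled: true
      accessModes:
        - ReadWriteOnce
      storageClassName: ""
      size: 100Mi
  # -- environment variables from crowdsecurity/crowdsec docker image
  env: []
  # by default we use the docker-logs parser to be able to parse docker logs in k8s
  # by default we disable local API on the agent pod
  # - name: SCENARIOS
  #   value: "scenario/name otherScenario/name"
  # - name: PARSERS
  #   value: "parser/name otherParser/name"
  # - name: POSTOVERFLOWS
  #   value: "postoverflow/name otherPostoverflow/name"
  # - name: CONFIG_FILE
  #   value: "/etc/crowdsec/config.yaml"
  # - name: DSN
  #   value: "file:///var/log/toto.log"
  # - name: TYPE
  #   value: "Labels.type_for_time-machine_mode"
  # - name: TEST_MODE
  #   value: "false"
  # - name: TZ
  #   value: ""
  # - name: DISABLE_AGENT
  #   value: "false"
  # - name: DISABLE_ONLINE_API
  #   value: "false"
  # - name: LEVEL_TRACE
  #   value: "false"
  # - name: LEVEL_DEBUG
  #   value: "false"
  # - name: LEVEL_INFO
  #   value: "false"

  # -- nodeSelector for agent
  nodeSelector: {}
  # NOTE(review): Kubernetes tolerations are a list; `[]` would be the matching
  # empty value. Left as-is pending a check of how the templates consume it.
  # -- tolerations for agent
  tolerations: {}

  # -- Enable service monitoring (exposes "metrics" port "6060" for Prometheus)
  metrics:
    enabled: false
    # -- Creates a ServiceMonitor so Prometheus will monitor this service
    # -- Prometheus needs to be configured to watch on all namespaces for ServiceMonitors
    # -- See the documentation: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#prometheusioscrape
    # -- See also: https://github.com/prometheus-community/helm-charts/issues/106#issuecomment-700847774
    serviceMonitor:
      enabled: false

  # -- wait-for-lapi init container
  wait_for_lapi:
    image:
      # -- docker image repository name
      repository: busybox
      # -- pullPolicy
      pullPolicy: IfNotPresent
      # -- docker image tag
      tag: "1.28"

# service: {}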