feat(crowdsec): crowdsec升级 & dns问题修复

apps/infra/net/crowdsec/helmchart.yaml

@@ -7,21 +7,16 @@ spec:
   repo: https://crowdsecurity.github.io/helm-charts
   chart: crowdsec
   targetNamespace: infra-net
-  version: 0.15.0
+  version: 0.19.1
   valuesContent: |-
     container_runtime: containerd
     image:
-      tag: v1.6.4
+      tag: v1.6.8
     agent:
       # 由于dataScope为loki，所以此处强制要求部署在loki所在的节点 以节省网络资源
       nodeSelector:
         kubernetes.io/hostname: alihka 
-      # 此处无实际作用 只是为了过helmChart的校验
-      acquisition:
-        - namespace: infra-net
-          podName: ingress-nginx-controller-*
-          program: nginx
-          poll_without_inotify: true
+      isDeployment: true
       additionalAcquisition:
         - source: loki
           log_level: info

apps/infra/net/nginx/helmchart.yaml

@@ -106,7 +106,7 @@ spec:
         plugins: "crowdsec"
         lua-shared-dicts: "crowdsec_cache: 50m"
       # 启用geoip2模块
-      maxmindLicenseKey: "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"
+      maxmindLicenseKey: "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"
       extraArgs:
         default-ssl-certificate: "infra-net/dev-cm-crt"
       # crowdsec插件配置
@@ -118,7 +118,7 @@ spec:
             - name: API_URL
               value: "http://crowdsec-service.infra-net.svc.cluster.local:8080"
             - name: API_KEY
-              value: "rgILO2mh/t+30LMvzyyMXbfHRmDfBkDDkhEflzHaoQ0"
+              value: "CLeXxBJSTL+Az1w64S91APOyuNdc0nKgG4swNLvL0os"
             - name: BOUNCER_CONFIG
               value: "/crowdsec/crowdsec-bouncer.conf"
             - name: MODE

apps/kube/coredns/configmap.yaml

@@ -9,10 +9,6 @@ data:
     template ANY HINFO . {
       rcode NXDOMAIN
     }
-    # 不解析IPV6
-    template ANY AAAA {
-      rcode NXDOMAIN
-    }
 
   local.server: |
     #

apps/kube/coredns/nodelocaldns.yaml

@@ -126,7 +126,7 @@ spec:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
               - matchExpressions:
-                  - key: node-role.kubernetes.io/master
+                  - key: node-role.kubernetes.io/control-plane
                     operator: NotIn
                     values:
                       - "true"
@@ -143,7 +143,7 @@ spec:
           operator: "Exists"
       containers:
         - name: node-cache
-          image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.1
+          image: registry.k8s.io/dns/k8s-dns-node-cache:1.25.0
           resources:
             requests:
               cpu: 25m
@@ -211,4 +211,4 @@ spec:
       port: 9253
       targetPort: 9253
   selector:
-    k8s-app: node-local-dns
+    k8s-app: node-local-dns