feat(apps): 升级集群应用版本

2024-12-13 17:19:34 +08:00
@@ -9,7 +9,7 @@ spec:
  repo: https://charts.jetstack.io
  chart: cert-manager
  targetNamespace: infra-devops
-  version: v1.16.1
+  version: v1.16.2
  valuesContent: |-
    affinity:
      nodeAffinity:
@@ -36,7 +36,7 @@ spec:
    postgresql-ha:
      enabled: false
    image:
-      tag: 1.22.3
+      tag: 1.22.5
    ingress:
      enabled: true
      className: nginx
@@ -7,7 +7,7 @@ spec:
  repo: https://vmware-tanzu.github.io/helm-charts
  chart: velero
  targetNamespace: infra-devops
-  version: 8.0.0
+  version: 8.1.0
  valuesContent: |-
    affinity:
      nodeAffinity:
@@ -7,7 +7,7 @@ spec:
  repo: https://grafana.github.io/helm-charts
  chart: loki
  targetNamespace: infra-monitor
-  version: 6.21.0
+  version: 6.23.0
  valuesContent: |-
    deploymentMode: SingleBinary
    gateway:
@@ -7,7 +7,7 @@ spec:
  repo: https://prometheus-community.github.io/helm-charts
  chart: kube-prometheus-stack
  targetNamespace: infra-monitor
-  version: 66.2.2
+  version: 66.4.0
  valuesContent: |-
    kubeControllerManager:
      enabled: false
@@ -7,11 +7,11 @@ spec:
  repo: https://crowdsecurity.github.io/helm-charts
  chart: crowdsec
  targetNamespace: infra-net
-  version: 0.13.0
+  version: 0.15.0
  valuesContent: |-
    container_runtime: containerd
    image:
-      tag: v1.6.3
+      tag: v1.6.4
    agent:
      # 由于dataScope为loki，所以此处强制要求部署在loki所在的节点 以节省网络资源
      nodeSelector:
@@ -40,7 +40,6 @@ spec:
        config:
          enabled: false
    appsec:
-      enabled: true
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
@@ -51,9 +50,27 @@ spec:
                    operator: In
                    values:
                      - cn-hk
+      enabled: false
+      acquisitions:
+        - source: appsec
+          listen_addr: "0.0.0.0:7422"
+          path: /
+          appsec_config: crowdsecurity/crs-vpatch
+          labels:
+            type: appsec
+      configs:
+        mycustom-appsec-config.yaml: |
+          name: crowdsecurity/crs-vpatch
+          default_remediation: ban
+          #log_level: debug
+          outofband_rules:
+            - crowdsecurity/crs
+          inband_rules:
+            - crowdsecurity/base-config
+            - crowdsecurity/vpatch-*
      env:
        - name: COLLECTIONS
-          value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules"
+          value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-crs"
    lapi:
      affinity:
        nodeAffinity:
@@ -87,6 +104,16 @@ spec:
          user: app
          password: nyrHzh9WWlDZzvVw7bDFo74gKb9zsls0Sy7OwRTDWiRTNPQQQkW85taUFAoX2AIC
          sslmode: require
+        api:
+          server:
+            auto_registration:
+              enabled: true
+              token: "${REGISTRATION_TOKEN}"
+              allowed_ranges:
+                - "127.0.0.1/32"
+                - "192.168.0.0/16"
+                - "172.16.0.0/12"
+                - "10.0.0.0/8"    
      # api profiles.yaml配置
      profiles.yaml: |
        name: captcha_remediation
@@ -124,6 +124,8 @@ spec:
              value: "live"
            - name: CACHE_EXPIRATION
              value: "3"
+            - name: UPDATE_FREQUENCY
+              value: "10"
            - name: REQUEST_TIMEOUT
              value: "1000"
            - name: CAPTCHA_PROVIDER
@@ -6,7 +6,7 @@ metadata:
 spec:
  repo: https://devcm-repo.github.io/helm-charts
  chart: tailscale-derp
-  version: 0.0.4
+  version: 0.0.5
  targetNamespace: infra-net
  valuesContent: |-
    nodeSelector: