From f22c1caf17e4c40028c04b1ff72fc98ce948b6bc Mon Sep 17 00:00:00 2001
From: rohow
Date: Fri, 13 Dec 2024 17:19:34 +0800
Subject: [PATCH] =?UTF-8?q?feat(apps):=20=E5=8D=87=E7=BA=A7=E9=9B=86?= =?UTF-8?q?=E7=BE=A4=E5=BA=94=E7=94=A8=E7=89=88=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/infra/devops/cert-manager/helmchart.yaml | 2 +-
 apps/infra/devops/gitea/helmchart.yaml | 2 +-
 apps/infra/devops/velero/helmchart.yaml | 2 +-
 apps/infra/monitor/loki/helmchart-loki.yaml | 2 +-
 apps/infra/monitor/prometheus/helmchart.yaml | 2 +-
 apps/infra/net/crowdsec/helmchart.yaml | 35 ++++++++++++++++---
 apps/infra/net/nginx/helmchart.yaml | 2 ++
 apps/infra/net/tailscale/helmchart.yaml | 2 +-
 8 files changed, 39 insertions(+), 10 deletions(-)
diff --git a/apps/infra/devops/cert-manager/helmchart.yaml b/apps/infra/devops/cert-manager/helmchart.yaml
index 6d792a4..30f616b 100644
--- a/apps/infra/devops/cert-manager/helmchart.yaml
+++ b/apps/infra/devops/cert-manager/helmchart.yaml
@@ -9,7 +9,7 @@ spec:
 repo: https://charts.jetstack.io
 chart: cert-manager
 targetNamespace: infra-devops
- version: v1.16.1
+ version: v1.16.2
 valuesContent: |-
 affinity:
 nodeAffinity:
diff --git a/apps/infra/devops/gitea/helmchart.yaml b/apps/infra/devops/gitea/helmchart.yaml
index c40e376..b22e059 100644
--- a/apps/infra/devops/gitea/helmchart.yaml
+++ b/apps/infra/devops/gitea/helmchart.yaml
@@ -36,7 +36,7 @@ spec:
 postgresql-ha:
 enabled: false
 image:
- tag: 1.22.3
+ tag: 1.22.5
 ingress:
 enabled: true
 className: nginx
diff --git a/apps/infra/devops/velero/helmchart.yaml b/apps/infra/devops/velero/helmchart.yaml
index 225311b..b1a1849 100644
--- a/apps/infra/devops/velero/helmchart.yaml
+++ b/apps/infra/devops/velero/helmchart.yaml
@@ -7,7 +7,7 @@ spec:
 repo: https://vmware-tanzu.github.io/helm-charts
 chart: velero
 targetNamespace: infra-devops
- version: 8.0.0
+ version: 8.1.0
 valuesContent: |-
 affinity:
 nodeAffinity:
diff --git a/apps/infra/monitor/loki/helmchart-loki.yaml b/apps/infra/monitor/loki/helmchart-loki.yaml
index 05a91ea..1b377f3 100644
--- a/apps/infra/monitor/loki/helmchart-loki.yaml
+++ b/apps/infra/monitor/loki/helmchart-loki.yaml
@@ -7,7 +7,7 @@ spec:
 repo: https://grafana.github.io/helm-charts
 chart: loki
 targetNamespace: infra-monitor
- version: 6.21.0
+ version: 6.23.0
 valuesContent: |-
 deploymentMode: SingleBinary
 gateway:
diff --git a/apps/infra/monitor/prometheus/helmchart.yaml b/apps/infra/monitor/prometheus/helmchart.yaml
index 562c576..e69e719 100644
--- a/apps/infra/monitor/prometheus/helmchart.yaml
+++ b/apps/infra/monitor/prometheus/helmchart.yaml
@@ -7,7 +7,7 @@ spec:
 repo: https://prometheus-community.github.io/helm-charts
 chart: kube-prometheus-stack
 targetNamespace: infra-monitor
- version: 66.2.2
+ version: 66.4.0
 valuesContent: |-
 kubeControllerManager:
 enabled: false
diff --git a/apps/infra/net/crowdsec/helmchart.yaml b/apps/infra/net/crowdsec/helmchart.yaml
index 227e765..bfc0395 100644
--- a/apps/infra/net/crowdsec/helmchart.yaml
+++ b/apps/infra/net/crowdsec/helmchart.yaml
@@ -7,11 +7,11 @@ spec:
 repo: https://crowdsecurity.github.io/helm-charts
 chart: crowdsec
 targetNamespace: infra-net
- version: 0.13.0
+ version: 0.15.0
 valuesContent: |-
 container_runtime: containerd
 image:
- tag: v1.6.3
+ tag: v1.6.4
 agent:
 # 由于dataScope为loki,所以此处强制要求部署在loki所在的节点 以节省网络资源
 nodeSelector:
@@ -40,7 +40,6 @@ spec:
 config:
 enabled: false
 appsec:
- enabled: true
 affinity:
 nodeAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -51,9 +50,27 @@ spec:
 operator: In
 values:
 - cn-hk
+ enabled: false
+ acquisitions:
+ - source: appsec
+ listen_addr: "0.0.0.0:7422"
+ path: /
+ appsec_config: crowdsecurity/crs-vpatch
+ labels:
+ type: appsec
+ configs:
+ mycustom-appsec-config.yaml: |
+ name: crowdsecurity/crs-vpatch
+ default_remediation: ban
+ #log_level: debug
+ outofband_rules:
+ - crowdsecurity/crs
+ inband_rules:
+ - crowdsecurity/base-config
+ - crowdsecurity/vpatch-*
 env:
 - name: COLLECTIONS
- value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules"
+ value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-crs"
 lapi:
 affinity:
 nodeAffinity:
@@ -87,6 +104,16 @@ spec:
 user: app
 password: nyrHzh9WWlDZzvVw7bDFo74gKb9zsls0Sy7OwRTDWiRTNPQQQkW85taUFAoX2AIC
 sslmode: require
+ api:
+ server:
+ auto_registration:
+ enabled: true
+ token: "${REGISTRATION_TOKEN}"
+ allowed_ranges:
+ - "127.0.0.1/32"
+ - "192.168.0.0/16"
+ - "172.16.0.0/12"
+ - "10.0.0.0/8"
 # api profiles.yaml配置
 profiles.yaml: |
 name: captcha_remediation
diff --git a/apps/infra/net/nginx/helmchart.yaml b/apps/infra/net/nginx/helmchart.yaml
index b78aa44..95df65f 100644
--- a/apps/infra/net/nginx/helmchart.yaml
+++ b/apps/infra/net/nginx/helmchart.yaml
@@ -124,6 +124,8 @@ spec:
 value: "live"
 - name: CACHE_EXPIRATION
 value: "3"
+ - name: UPDATE_FREQUENCY
+ value: "10"
 - name: REQUEST_TIMEOUT
 value: "1000"
 - name: CAPTCHA_PROVIDER
diff --git a/apps/infra/net/tailscale/helmchart.yaml b/apps/infra/net/tailscale/helmchart.yaml
index 650fe3e..76e497b 100644
--- a/apps/infra/net/tailscale/helmchart.yaml
+++ b/apps/infra/net/tailscale/helmchart.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
 repo: https://devcm-repo.github.io/helm-charts
 chart: tailscale-derp
- version: 0.0.4
+ version: 0.0.5
 targetNamespace: infra-net
 valuesContent: |-
 nodeSelector:
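Review bot: In apps/infra/net/crowdsec/helmchart.yaml the `appsec` block goes from `enabled: true` (removed in the previous hunk) to `enabled: false` in the same change that adds its `acquisitions` and `configs`, so the new CRS/vpatch configuration is presumably never deployed and the application-layer filtering that ran before is turned off. The commit subject only mentions version upgrades, so this reads as an unannounced loss of a security control rather than a documented decision. If the ingress bouncer is configured to forward requests to the AppSec listener on port 7422 (not visible here), check how it behaves when that endpoint is absent. Either keep `enabled: true`, or record the reason next to the flag, e.g. `# appsec disabled until <reason>; re-enable after <condition>`.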
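Review bot: The `allowed_ranges` list added under `api.server.auto_registration` in apps/infra/net/crowdsec/helmchart.yaml admits loopback plus all of RFC 1918 space, so any host in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` that holds the registration token can enrol itself with the LAPI. Restrict the list to the networks the agents actually run in, e.g. `- "<cluster pod CIDR>"`, and add a comment saying where `REGISTRATION_TOKEN` is provided, since the hunk does not show it. The token is taken from the environment, whereas the `password:` on the context line just above is a literal value committed to the repository; it should be moved to a Secret or environment reference in the same way and rotated. The enclosing config block starts outside the hunk.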
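Review bot: `UPDATE_FREQUENCY` is added in apps/infra/net/nginx/helmchart.yaml with no comment on its unit or on when it applies. As far as I know the CrowdSec nginx bouncer reads this value (in seconds) only in stream mode, while in live mode `CACHE_EXPIRATION` governs how long a decision is cached; if the `"live"` value on the first context line belongs to `MODE` (its `name:` is outside the hunk), the new variable has no effect. Either drop it or document it, e.g. `# seconds between decision pulls; only used when MODE=stream`.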