feat(apps): 升级集群应用版本
这个提交包含在:
@@ -7,11 +7,11 @@ spec:
|
||||
repo: https://crowdsecurity.github.io/helm-charts
|
||||
chart: crowdsec
|
||||
targetNamespace: infra-net
|
||||
version: 0.13.0
|
||||
version: 0.15.0
|
||||
valuesContent: |-
|
||||
container_runtime: containerd
|
||||
image:
|
||||
tag: v1.6.3
|
||||
tag: v1.6.4
|
||||
agent:
|
||||
# 由于dataScope为loki,所以此处强制要求部署在loki所在的节点 以节省网络资源
|
||||
nodeSelector:
|
||||
@@ -40,7 +40,6 @@ spec:
|
||||
config:
|
||||
enabled: false
|
||||
appsec:
|
||||
enabled: true
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
@@ -51,9 +50,27 @@ spec:
|
||||
operator: In
|
||||
values:
|
||||
- cn-hk
|
||||
enabled: false
|
||||
acquisitions:
|
||||
- source: appsec
|
||||
listen_addr: "0.0.0.0:7422"
|
||||
path: /
|
||||
appsec_config: crowdsecurity/crs-vpatch
|
||||
labels:
|
||||
type: appsec
|
||||
configs:
|
||||
mycustom-appsec-config.yaml: |
|
||||
name: crowdsecurity/crs-vpatch
|
||||
default_remediation: ban
|
||||
#log_level: debug
|
||||
outofband_rules:
|
||||
- crowdsecurity/crs
|
||||
inband_rules:
|
||||
- crowdsecurity/base-config
|
||||
- crowdsecurity/vpatch-*
|
||||
env:
|
||||
- name: COLLECTIONS
|
||||
value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules"
|
||||
value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-crs"
|
||||
lapi:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
@@ -87,6 +104,16 @@ spec:
|
||||
user: app
|
||||
password: nyrHzh9WWlDZzvVw7bDFo74gKb9zsls0Sy7OwRTDWiRTNPQQQkW85taUFAoX2AIC
|
||||
sslmode: require
|
||||
api:
|
||||
server:
|
||||
auto_registration:
|
||||
enabled: true
|
||||
token: "${REGISTRATION_TOKEN}"
|
||||
allowed_ranges:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.0.0/16"
|
||||
- "172.16.0.0/12"
|
||||
- "10.0.0.0/8"
|
||||
# api profiles.yaml配置
|
||||
profiles.yaml: |
|
||||
name: captcha_remediation
|
||||
|
||||
在新议题中引用
屏蔽一个用户