65 行
2.2 KiB
YAML
65 行
2.2 KiB
YAML
apiVersion: helm.cattle.io/v1
|
|
kind: HelmChart
|
|
metadata:
|
|
name: ingress-nginx
|
|
namespace: infra-net
|
|
spec:
|
|
repo: https://kubernetes.github.io/ingress-nginx
|
|
chart: ingress-nginx
|
|
version: 4.10.0
|
|
targetNamespace: infra-net
|
|
valuesContent: |-
|
|
fullnameOverride: ingress-nginx
|
|
controller:
|
|
nodeSelector:
|
|
svccontroller.k3s.cattle.io/enablelb: "true"
|
|
tolerations:
|
|
- key: "node-role.kubernetes.io/master"
|
|
operator: "Exists"
|
|
effect: "NoSchedule"
|
|
kind: DaemonSet
|
|
hostNetwork: true
|
|
hostPort:
|
|
enabled: true
|
|
service:
|
|
enabled: false
|
|
publishService:
|
|
enabled: false
|
|
config:
|
|
use-forwarded-headers: "true"
|
|
allow-snippet-annotations: "true"
|
|
http-snippet: |
|
|
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=cache:2m max_size=100m inactive=7d use_temp_path=off;
|
|
proxy_cache_key $scheme$proxy_host$request_uri;
|
|
proxy_cache_lock on;
|
|
proxy_cache_use_stale updating;
|
|
server-snippet : |
|
|
resolver 169.254.20.10 10.43.0.10 ipv6=off;
|
|
# crowdsec插件配置
|
|
plugins: "crowdsec"
|
|
lua-shared-dicts: "crowdsec_cache: 50m"
|
|
extraArgs:
|
|
default-ssl-certificate: "infra-net/dev-cm-crt"
|
|
# crowdsec插件配置
|
|
extraVolumes:
|
|
- name: crowdsec-bouncer-plugin
|
|
emptyDir: {}
|
|
extraInitContainers:
|
|
- name: init-clone-crowdsec-bouncer
|
|
image: devcm/lua-bouncer-plugin
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: API_URL
|
|
value: "http://crowdsec-service.infra-monitor.svc.cluster.local:8080"
|
|
- name: API_KEY
|
|
value: "rgILO2mh/t+30LMvzyyMXbfHRmDfBkDDkhEflzHaoQ0"
|
|
- name: BOUNCER_CONFIG
|
|
value: "/crowdsec/crowdsec-bouncer.conf"
|
|
command: ['sh', '-c', "bash /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"]
|
|
volumeMounts:
|
|
- name: crowdsec-bouncer-plugin
|
|
mountPath: /lua_plugins
|
|
extraVolumeMounts:
|
|
- name: crowdsec-bouncer-plugin
|
|
mountPath: /etc/nginx/lua/plugins/crowdsec
|
|
subPath: crowdsec |