k3s/apps/net/nginx/helmchart.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: ingress-nginx
  namespace: infra-net
spec:
  repo: https://kubernetes.github.io/ingress-nginx
  chart: ingress-nginx
  version: 4.10.0
  targetNamespace: infra-net
  valuesContent: |-
    fullnameOverride: ingress-nginx
    controller:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: svccontroller.k3s.cattle.io/enablelb
                    operator: In
                    values:
                      - "true"
      tolerations:
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoSchedule"
      kind: DaemonSet
      hostNetwork: true
      hostPort:
        enabled: true
      service:
        enabled: false
      publishService:
        enabled: false
      config:
        use-forwarded-headers: "true"
        allow-snippet-annotations: "true"
        http-snippet: |
          proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=cache:2m max_size=100m inactive=7d use_temp_path=off;
          proxy_cache_key $scheme$proxy_host$request_uri;
          proxy_cache_lock on;
          proxy_cache_use_stale updating;
        server-snippet : |
          resolver 169.254.20.10 10.43.0.10 ipv6=off;
        # crowdsec插件配置
        plugins: "crowdsec"
        lua-shared-dicts: "crowdsec_cache: 50m"
      extraArgs:
        default-ssl-certificate: "infra-net/dev-cm-crt"
      # crowdsec插件配置
      extraVolumes:
        - name: crowdsec-bouncer-plugin
          emptyDir: {}
      extraInitContainers:
        - name: init-clone-crowdsec-bouncer
          image: devcm/lua-bouncer-plugin
          imagePullPolicy: IfNotPresent
          env:
            - name: API_URL
              value: "http://crowdsec-service.infra-monitor.svc.cluster.local:8080"
            - name: API_KEY
              value: "rgILO2mh/t+30LMvzyyMXbfHRmDfBkDDkhEflzHaoQ0"
            - name: BOUNCER_CONFIG
              value: "/crowdsec/crowdsec-bouncer.conf"
          command: ['sh', '-c', "bash /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"]
          volumeMounts:
            - name: crowdsec-bouncer-plugin
              mountPath: /lua_plugins
      extraVolumeMounts:
        - name: crowdsec-bouncer-plugin
          mountPath: /etc/nginx/lua/plugins/crowdsec
          subPath: crowdsec