Reorganized for new stable/waypoint versioning design.

2026-05-24 18:28:47 +00:00
parent 945d2225a2
commit bc7a168851
352 changed files with 1264 additions and 294 deletions
--- a/crowdsec/versions/v1/middleware.yaml
+++ b/crowdsec/versions/v1/middleware.yaml
@@ -0,0 +1,89 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: crowdsec-bouncer
+  namespace: crowdsec
+  labels:
+    app: crowdsec
+    managedBy: kustomize
+    partOf: wild-cloud
+spec:
+  plugin:
+    bouncer:
+      crowdsecLapiScheme: http
+      crowdsecLapiHost: crowdsec-lapi.crowdsec.svc.cluster.local:8080
+      crowdsecLapiKeyFile: /etc/traefik/crowdsec/api-key
+      crowdsecMode: stream
+      updateIntervalSeconds: 15
+      defaultDecisionSeconds: 60
+      crowdsecAppsecEnabled: false
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: rate-limit
+  namespace: crowdsec
+  labels:
+    app: crowdsec
+    managedBy: kustomize
+    partOf: wild-cloud
+spec:
+  rateLimit:
+    average: {{ .rateLimitAverage }}
+    burst: {{ .rateLimitBurst }}
+    period: 1m
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: security-headers
+  namespace: crowdsec
+  labels:
+    app: crowdsec
+    managedBy: kustomize
+    partOf: wild-cloud
+spec:
+  headers:
+    browserXssFilter: true
+    contentTypeNosniff: true
+    forceSTSHeader: true
+    frameDeny: true
+    sslRedirect: true
+    stsIncludeSubdomains: true
+    stsPreload: true
+    stsSeconds: 31536000
+    addVaryHeader: true
+    accessControlAllowMethods:
+    - GET
+    - POST
+    - PUT
+    - DELETE
+    - OPTIONS
+    accessControlAllowOriginList:
+    - "*"
+    accessControlMaxAge: 100
+    customRequestHeaders:
+      X-Forwarded-Proto: https
+    customResponseHeaders:
+      Server: ""
+      X-Robots-Tag: noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: security-chain
+  namespace: crowdsec
+  labels:
+    app: crowdsec
+    managedBy: kustomize
+    partOf: wild-cloud
+spec:
+  chain:
+    middlewares:
+    - name: security-headers
+      namespace: crowdsec
+    - name: rate-limit
+      namespace: crowdsec
+    - name: crowdsec-bouncer
+      namespace: crowdsec