Hi,
Some words about my setup. I’m running k3s with nginx instead of traefik on a Pi 4.
First I’ve installed crowdsec on this machine to secure SSH and it runs like a charm.
Next step is to install crowdsec in my k8s cluster to secure nginx and web access.
So I installed crowdsec as described on this page: https://www.crowdsec.net/blog/kubernetes-crowdsec-integration
This also works without problems.
Last step is to install the ingress bouncer as described here: https://docs.crowdsec.net/docs/bouncers/ingress-nginx
The instructions actually lead to a second container being started in addition to the nginx-controller. However, the script for this container fails.
The error message is:
/docker_start.sh: line 63: syntax error: bad substitution
Here’s the yaml for the nginx HELM chart:
controller:
  extraVolumes:
    - name: crowdsec-bouncer-plugin
      emptyDir: {}
  extraInitContainers:
    - name: init-clone-crowdsec-bouncer
      image: crowdsecurity/lua-bouncer-plugin
      imagePullPolicy: IfNotPresent
      env:
        - name: API_URL
          value: "http://crowdsec-service.crowdsec.svc.cluster.local:8080" # crowdsec lapi service-name
        - name: API_KEY
          value: "akeythatnoonemustknow"
        - name: BOUNCER_CONFIG
          value: /crowdsec/crowdsec-bouncer.conf
        - name: BAN_TEMPLATE_PATH
          value: /etc/nginx/lua/plugins/crowdsec/templates/ban.html
      command:
        [
          "sh",
          "-c",
          "sh /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/",
        ]
      volumeMounts:
        - name: crowdsec-bouncer-plugin
          mountPath: /lua_plugins
  extraVolumeMounts:
    - name: crowdsec-bouncer-plugin
      mountPath: /etc/nginx/lua/plugins/crowdsec
      subPath: crowdsec
  config:
    plugins: "crowdsec"
    lua-shared-dicts: "crowdsec_cache: 50m"
    server-snippet: |
      resolver local=on ipv6=off;
I am at my wit’s end. Does anyone have any idea what I am doing wrong? Is there a conflict between the installation in the cluster and on the machine?
Thank you in advance.