Running crowdsec on Rancher Kubernetes

I tried using the official page docs dot crowdsec dot net/u/getting_started/installation/kubernetes and had no luck. None of the resultant pods ran successfully nor could I get logs on any of them. I’m using Rancher v1.29.4 rke2r1.

There’s a link on docs dot crowdsec dot net to this page: crowdsec 0.13.0 · crowdsec/crowdsec
These two pages contain vastly different “basic” configurations, which is confusing. For instance, one page wants me to use Traefik while the other doesn’t.

On the artifact.io page, one block of code in the same yaml file has password: ${DB_PASSWORD} while another block has dbPassword: <externalDbPassword>. Why might this be? Is there a technical reason for this divergence or is this more the result of two people making edits to the same web page over time without reading the original page? Perhaps this page was auto-generated or updated by a script.

In any case, I’m seeking advice regarding which page to use. I’m obviously not a Kubernetes expert so I’m having trouble deciding.
Adding my deployment yaml below. None of the resultant pods start.

config:
  config.yaml.local: |
    db_config:
      type:     postgresql
      user:     crowdsec
      password: ${DB_PASSWORD}
      db_name:  crowdsec
      host:     192.168.10.132
      port:     5432
      sslmode:  require

agent:
  acquisition:
    - namespace: "crowdsec"
      podName: "crowdsec-wutwut"
      program: "/var/log/pods/*.log"
  resources:
    requests:
      cpu: "100m"  # Lower the CPU request
      memory: "128Mi"  # Lower memory if needed
    limits:
      cpu: "500m"  # Set a reasonable CPU limit
      memory: "256Mi"
  replicaCount: 1

lapi:
  # 2 or more replicas for HA
  resources:
    requests:
      cpu: "100m"  # Lower CPU request for LAPI
      memory: "128Mi"
    limits:
      cpu: "500m"
      memory: "256Mi"
  replicas: 2
  # You can specify your own CS_LAPI_SECRET, or let the chart generate one. Length must be >= 64
  secrets:
    csLapiSecret: <t0iL3tj_sKw1dB@iT>
  # Specify your external DB password here
  extraSecrets:
    dbPassword: <F6-pxY8[l\_%*4d>
  persistentVolume:
    # When replicas for LAPI is greater than 1, two options, persistent volumes must be disabled, or in ReadWriteMany mode
    config:
      enabled: false
    # data volume is not required, since SQLite isn't used
    data:
      enabled: false
  # DB Password passed through environment variable
  env:
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: crowdsec-lapi-secrets
          key: dbPassword

When I run

kubectl -n crowdsec logs crowdsec-lapi-5cc7bf9b5-zjtwv

I get the error:

Generate local agent credentials
level=fatal msg="failed to connect to database: failed creating schema resources: querying server version failed to connect to `host=192.168.10.132 user=crowdsec database=crowdsec`: failed SASL auth (FATAL: password authentication failed for user \"crowdsec\" (SQLSTATE 28P01))"

I can’t tell from the above message whether the pod is trying to create a database or simply authenticate. The crowdsec database already exists and no, those aren’t my actual passwords or secrets.

BTW this site’s software is being a real bitch about links. I had exactly two urls in my first draft but it insisted I had more than two and would not allow me to post.

The postgres server has an IP address that is external to Kubernetes services. Could that be the problem? Might the container have an IP address that can’t reach 192.168 network? Also, if I try to execute a command inside a pod, I get:
error: unable to upgrade connection: container not found ("crowdsec-lapi")
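
Added example, not part of the original post and not CrowdSec project code: a small triage helper for a LAPI database error line and a lapi: values block like the ones above. It assumes only that a SQLSTATE code is issued by the PostgreSQL server itself and that the constraints checked are the ones stated in the chart comments quoted in the post; the function names and sample inputs are constructed for illustration.

```python
import re

# Go network error fragments that mean the TCP connection itself failed.
NETWORK_MARKERS = ("connection refused", "i/o timeout", "no route to host")

def triage_db_error(line):
    """Classify a 'failed to connect to database' log line by failing layer."""
    result = dict(re.findall(r"\b(host|user|database)=([^\s`]+)", line))
    state = re.search(r"SQLSTATE ([0-9A-Z]{5})", line)
    if state:
        # SQLSTATE codes come from the PostgreSQL server, so the pod reached
        # it over the network; class 28 means the login itself was rejected.
        result["sqlstate"] = state.group(1)
        result["layer"] = "auth" if state.group(1).startswith("28") else "server"
    elif any(marker in line for marker in NETWORK_MARKERS):
        result["layer"] = "network"
    else:
        result["layer"] = "unknown"
    return result

def check_lapi_values(lapi):
    """Apply the constraints stated in the chart comments to a lapi: block."""
    problems = []
    secrets = {"csLapiSecret": lapi["secrets"]["csLapiSecret"],
               "dbPassword": lapi["extraSecrets"]["dbPassword"]}
    for name, value in secrets.items():
        if value.startswith("<") and value.endswith(">"):
            problems.append(f"{name}: still wrapped in <...> placeholder brackets")
    if len(secrets["csLapiSecret"]) < 64:
        problems.append("csLapiSecret: shorter than 64 characters")
    pv = lapi.get("persistentVolume", {})
    volumes_on = any(pv.get(k, {}).get("enabled") for k in ("config", "data"))
    if lapi.get("replicas", 1) > 1 and volumes_on:
        problems.append("persistentVolume: enabled with more than one replica")
    return problems

# Constructed inputs: the log line is shaped like the one in the post, values are made up.
SAMPLE_LOG = ('level=fatal msg="failed to connect to database: ... failed to connect to '
              '`host=192.0.2.10 user=crowdsec database=crowdsec`: failed SASL auth '
              '(FATAL: password authentication failed for user \\"crowdsec\\" '
              '(SQLSTATE 28P01))"')
SAMPLE_LAPI = {"replicas": 2,
               "secrets": {"csLapiSecret": "<example-secret>"},
               "extraSecrets": {"dbPassword": "<example-password>"},
               "persistentVolume": {"config": {"enabled": False}, "data": {"enabled": False}}}

if __name__ == "__main__":
    print(triage_db_error(SAMPLE_LOG))
    print(check_lapi_values(SAMPLE_LAPI))
```

A line carrying SQLSTATE 28P01 is classified as an auth-layer failure: the server answered and rejected the credentials, which is a different condition from the pod being unable to route to the database host.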