Why my ip pods is ban ? Kubernetes Helm install

Hello all !

I’ve Kubernetes cluster with ingress nginx installed via helm.
The cloud provider is Scaleway.

I’ve installed crowdsec helm with modified values, this work but agents ban my pods.
For bypass this I’ve created whitelist with range ip. This is ingress bad configuration ?

ingress value :

controller:
  service:
    annotations:
      service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "*"
  config:
    use-proxy-protocol: true
    proxy-real-ip-cidr: 172.16.8.0/22

Top value crowdsec white list :

container_runtime: containerd

config:
  parsers:
    s02-enrich:
      whitelist-ippub.yaml: |
        name: crowdsecurity/whitelists-ippub
        description: "Whitelist du range des nodes"
        whitelist:
          reason: "IP publiques des nodes"
          cidr:
            - "100.64.0.0/16"
            - "172.16.8.0/24"
  profiles.yaml: |
     name: default_ip_remediation
     debug: true
     filters:
      - Alert.Remediation == true && Alert.GetScope() == "Ip"
     decisions:
      - type: ban
        duration: 4h
     duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
     notifications:
      - http_default
     on_success: break

Capture d’écran du 2023-11-02 16-55-22878×1106 192 KB

I don’t understand the question to be honest. If they are coming from scaleway then the remote IP should be correct no?

Then is the port accessible outside of scale way?

Pods are not directly accessible to the public.
I wanted to know if it’s normal that I have to do this whitelist configuration in crowdsec or if it’s a bad configuration on my part in the nginx ingress.
The crowdsec lapi pod receives requests from the pod + the public client ip, so without the whitelist it also ban the pod.

This shouldnt be the case, as the logs should only log the remote IP. If this is not the case either change the log pattern or our parsers need to be updated.