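```yaml
---
# Flux HelmRelease: internal ingress-nginx controller (class "nginx-internal")
# with the CrowdSec Lua bouncer plugin copied in by an init container.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: ingress-nginx-internal
  namespace: default
spec:
  interval: 1h
  chart:
    spec:
      chart: ingress-nginx
      # NOTE(review): pinned chart version; check it against the current
      # ingress-nginx security advisories before reusing this manifest.
      version: "4.10.1"
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
        namespace: default
  values:
    controller:
      service:
        type: LoadBalancer
        # externalTrafficPolicy: Local
        annotations:
          metallb.io/loadBalancerIPs: "10.0.10.25"
      ingressClassResource:
        name: nginx-internal
        enabled: true
        default: false
      replicaCount: 3
      # NOTE(review): with this enabled, anyone allowed to create or edit
      # Ingress objects for this class can inject raw nginx configuration
      # through the *-snippet annotations. The bouncer below is enabled through
      # controller.config, not through annotations, so set this to false unless
      # an existing Ingress depends on snippet annotations.
      allowSnippetAnnotations: true
      #################################
      # Start Crowdsec Bouncer Plugin
      #################################
      # Scratch volume shared by the init container (writer) and the
      # controller container (reader).
      extraVolumes:
        - name: crowdsec-bouncer-plugin
          emptyDir: {}
      extraInitContainers:
        - name: init-clone-crowdsec-bouncer
          # NOTE(review): no tag or digest, so this resolves to :latest, and
          # with IfNotPresent each node keeps whatever it pulled first. The Lua
          # copied from this image runs inside the controller; pin a tag or
          # digest so that code is known and identical on every node.
          image: crowdsecurity/lua-bouncer-plugin
          imagePullPolicy: IfNotPresent
          env:
            # crowdsec lapi service-name
            # NOTE(review): plain HTTP, so the bouncer key crosses the cluster
            # network unencrypted; consider TLS on the LAPI if that network is
            # not trusted.
            - name: API_URL
              value: "http://crowdsec-service.crowdsec.svc.cluster.local:8080"
            # Bouncer key generated with `cscli bouncers add <bouncer-name>`.
            # It is read from a Secret instead of being written into this
            # manifest, which is stored in Git and readable through the
            # HelmRelease object. Any key that was ever committed inline must
            # be treated as exposed: revoke it in CrowdSec and issue a new one.
            - name: API_KEY
              valueFrom:
                secretKeyRef:
                  # Placeholder name and key: create this Secret in the
                  # namespace the controller pods run in.
                  name: crowdsec-bouncer-api-key
                  key: api-key
            - name: BOUNCER_CONFIG
              value: "/crowdsec/crowdsec-bouncer.conf"
            # NOTE(review): declared without a value, so the container sees an
            # empty string; confirm that is intended, or remove the entry when
            # captcha is not used.
            - name: CAPTCHA_PROVIDER
            #   value: "recaptcha"  # valid providers are recaptcha, hcaptcha, turnstile
            # - name: SECRET_KEY
            #   value: ""  # If you want captcha support otherwise remove this ENV VAR
            # - name: SITE_KEY
            #   value: ""  # If you want captcha support otherwise remove this ENV VAR
            - name: BAN_TEMPLATE_PATH
              value: "/etc/nginx/lua/plugins/crowdsec/templates/ban.html"
            - name: CAPTCHA_TEMPLATE_PATH
              value: "/etc/nginx/lua/plugins/crowdsec/templates/captcha.html"
            ## Appsec configuration, optional.
            ## Remove this section if not using appsec
            # - name: APPSEC_URL
            #   # if using our helm chart with "crowdsec" release name, and
            #   # running the appsec in the "crowdsec" namespace
            #   value: "http://crowdsec-appsec-service.crowdsec.svc.cluster.local:7422"
            # - name: APPSEC_FAILURE_ACTION
            #   value: "passthrough"  # What to do if the appsec is down, optional
            # - name: APPSEC_CONNECT_TIMEOUT  # connection timeout to the appsec, in ms, optional
            #   value: "100"
            # - name: APPSEC_SEND_TIMEOUT  # write timeout to the appsec, in ms, optional
            #   value: "100"
            # - name: APPSEC_PROCESS_TIMEOUT  # max processing duration of the request, in ms, optional
            #   value: "1000"
            # - name: ALWAYS_SEND_TO_APPSEC
            #   # always send requests to the appsec, even if there's a
            #   # decision against the IP, optional
            #   value: "false"
          # Runs the image's start script, then copies /crowdsec into the
          # shared volume under crowdsec/.
          command:
            - 'sh'
            - '-c'
            - 'sh /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/'
          volumeMounts:
            - name: crowdsec-bouncer-plugin
              mountPath: /lua_plugins
      # Mounts the crowdsec/ subdirectory written by the init container at the
      # controller's Lua plugin path.
      extraVolumeMounts:
        - name: crowdsec-bouncer-plugin
          mountPath: /etc/nginx/lua/plugins/crowdsec
          subPath: crowdsec
      config:
        plugins: "crowdsec"
        lua-shared-dicts: "crowdsec_cache: 50m"
        # server-snippet : |
        #   resolver ipv6=off;
      #################################
      # End Crowdsec Bouncer Plugin
      #################################
```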