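```yaml
# Flux HelmRelease that installs the crowdsec chart, pinned to 0.19.5, from the
# "crowdsec" HelmRepository in flux-system into the existing "crowdsec"
# namespace (createNamespace is false, so the namespace must already exist).
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: crowdsec
  namespace: crowdsec
spec:
  interval: 15m
  chart:
    spec:
      chart: crowdsec
      version: "0.19.5"
      interval: 30m
      sourceRef:
        kind: HelmRepository
        name: crowdsec
        namespace: flux-system
  install:
    timeout: 10m
    replace: true
    crds: CreateReplace
    createNamespace: false
    remediation:
      retries: 3
  upgrade:
    remediation:
      remediateLastFailure: true
      retries: 3
      strategy: rollback
    cleanupOnFail: true
    crds: CreateReplace
  values:
    # for raw logs format: json or cri (docker|containerd)
    container_runtime: containerd
    config:
      # NOTE(review): three settings in the embedded LAPI config below interact.
      # These notes sit outside the block scalar so the rendered
      # config.yaml.local text is not altered by them.
      # - use_forwarded_for_headers: LAPI takes the client address from
      #   X-Forwarded-For / X-Real-IP. Keep it only if LAPI is reachable solely
      #   through a proxy you control, and limit which peers may set those
      #   headers (CrowdSec's api.server.trusted_proxies). Otherwise the
      #   allowed_ranges check is presumably made against a caller-supplied
      #   address - verify.
      # - allowed_ranges: loopback plus the whole RFC 1918 space. Any holder of
      #   the token on those networks can register an agent; narrow this to the
      #   cluster's pod CIDR.
      # - token: if a Flux Kustomization with postBuild substitution renders
      #   this file, Flux expands ${REGISTRATION_TOKEN} itself before Helm runs
      #   (presumably to an empty string when the variable is undefined). Flux
      #   documents $${VAR} as the escape - confirm which behaviour is intended.
      config.yaml.local: |
        api:
          server:
            use_forwarded_for_headers: true
            auto_registration: # Activate if not using TLS for authentication
              enabled: true
              token: "${REGISTRATION_TOKEN}" # /!\ Do not modify this variable (auto-generated and handled by the chart)
              allowed_ranges: # /!\ Make sure to adapt to the pod IP ranges used by your cluster
                - "127.0.0.1/32"
                - "192.168.0.0/16"
                - "10.0.0.0/8"
                - "172.16.0.0/12"
        # db_config:
        #   type: postgresql
        #   user: crowdsec
        #   password: ${DB_PASSWORD}
        #   db_name: crowdsec
        #   host: 192.168.0.2
        #   port: 5432
        #   sslmode: require
    agent:
      # Specify each pod whose logs you want to process
      acquisition:
        - namespace: default
          podName: ingress-nginx-*
          program: nginx
          poll_without_inotify: true
        # The namespace where the pod is located
        # - namespace: traefik
        #   # The pod name
        #   podName: traefik-*
        #   # as in crowdsec configuration, we need to specify the program name to find a matching parser
        #   program: traefik
      env:
        - name: COLLECTIONS
          value: "crowdsecurity/nginx"
    lapi:
      # Disable registration token generation to avoid b64dec issues
      # NOTE(review): confirm that this key exists at this path in chart 0.19.5
      # and which token LAPI actually ends up with. auto_registration is enabled
      # in config.yaml.local and should not run with an empty or guessable token.
      registrationToken: ""
      env:
        # To enroll the Security Engine to the console
        # The enroll key is read from the existing Secret "crowdsec-secrets"
        # (not created by this manifest), which keeps it out of Git.
        - name: ENROLL_KEY
          valueFrom:
            secretKeyRef:
              name: crowdsec-secrets
              key: crowdsec_enroll_key
        - name: ENROLL_INSTANCE_NAME
          value: "k8s-cluster"
        - name: ENROLL_TAGS
          value: "k8s"
```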