From 450a64fd824d4ab42a30755b766e164ced72cdd3 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Sun, 12 Mar 2023 11:24:46 +0100
Subject: [PATCH] add(crowdsec)

---
 projects/crowdsec/project.yml          |   8 +
 projects/crowdsec/values/crowdsec.yaml | 322 +++++++++++++++++++++++++
 2 files changed, 330 insertions(+)
 create mode 100644 projects/crowdsec/project.yml
 create mode 100644 projects/crowdsec/values/crowdsec.yaml

diff --git a/projects/crowdsec/project.yml b/projects/crowdsec/project.yml
new file mode 100644
index 00000000..3b1e3598
--- /dev/null
+++ b/projects/crowdsec/project.yml
@@ -0,0 +1,8 @@
+config:
+  description: IPS
+
+apps:
+- name: crowdsec
+  repoURL: https://crowdsecurity.github.io/helm-charts
+  chart: crowdsec
+  targetRevision: 0.9.5
diff --git a/projects/crowdsec/values/crowdsec.yaml b/projects/crowdsec/values/crowdsec.yaml
new file mode 100644
index 00000000..b0813339
--- /dev/null
+++ b/projects/crowdsec/values/crowdsec.yaml
@@ -0,0 +1,322 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/crowdsecurity/helm-charts/main/charts/crowdsec/values.schema.json
+
+# Default values for crowdsec-chart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- for raw logs format: json or cri (docker|containerd)
+container_runtime: containerd
+
+image:
+  # -- docker image repository name
+  repository: crowdsecurity/crowdsec
+  # -- pullPolicy
+  pullPolicy: IfNotPresent
+  # -- docker image tag
+  tag: ""
+
+# Here you can specify your own custom configuration to be loaded in crowdsec agent or lapi
+# Each config needs to be a multi-line using '|' in YAML specs
+# for the agent those configs will be loaded : parsers, scenarios, postoverflows, simulation.yaml
+# for the lapi those configs will be loaded : profiles.yaml, notifications, console.yaml
+config:
+  # -- To better understand stages in parsers, you can take a look at https://docs.crowdsec.net/docs/next/parsers/intro/
+  parsers:
+    s00-raw: {}
+    s01-parse: {}
+      # example-parser.yaml: |
+      #   filter: "evt.Line.Labels.type == 'myProgram'"
+      #   onsuccess: next_stage
+      #   ....
+    s02-enrich: {}
+  # -- to better understand how to write a scenario, you can take a look at https://docs.crowdsec.net/docs/next/scenarios/intro
+  scenarios: {}
+    # myScenario.yaml: |
+    #   type: trigger
+    #    name: myName/MyScenario
+    #    description: "Detect bruteforce on myService"
+    #    filter: "evt.Meta.log_type == 'auth_bf_log'"
+    #    ...
+  # -- to better understand how to write a postoverflow, you can take a look at (https://docs.crowdsec.net/docs/next/whitelist/create/#whitelist-in-postoverflows)
+  postoverflows:
+    s00-enrich: {}
+      # rdnsEnricher.yaml: |
+      #   ...
+    s01-whitelist: {}
+      # myRdnsWhitelist.yaml: |
+      #   ...
+  # -- Simulation configuration (https://docs.crowdsec.net/docs/next/scenarios/simulation/)
+  simulation.yaml: ""
+    #  |
+    # simulation: false
+    # exclusions:
+    #  - crowdsecurity/ssh-bf
+  console.yaml: ""
+    #   |
+    # share_manual_decisions: true
+    # share_tainted: true
+    # share_custom: true
+  # -- Profiles configuration (https://docs.crowdsec.net/docs/next/profiles/format/#profile-configuration-example)
+  profiles.yaml: ""
+    #   |
+    #  name: default_ip_remediation
+    #  debug: true
+    #  filters:
+    #    - Alert.Remediation == true && Alert.GetScope() == "Ip"
+    #  ...
+  # -- notifications configuration (https://docs.crowdsec.net/docs/next/notification_plugins/intro)
+  notifications: {}
+    # email.yaml: |
+    #   type: email
+    #   name: email_default
+    #   One of "trace", "debug", "info", "warn", "error", "off"
+    #   log_level: info
+    #   ...
+    # slack.yaml: ""
+    # http.yaml: ""
+    # splunk.yaml: ""
+
+tls:
+  enabled: false
+  caBundle: true
+  insecureSkipVerify: false
+  certManager:
+    enabled: true
+  bouncer:
+    secret: "{{ .Release.Name }}-bouncer-tls"
+    reflector:
+      namespaces: []
+  agent:
+    tlsClientAuth: true
+    secret: "{{ .Release.Name }}-agent-tls"
+    reflector:
+      namespaces: []
+  lapi:
+    secret: "{{ .Release.Name }}-lapi-tls"
+
+# If you want to specify secrets that will be used for all your crowdsec-agents
+# secrets can be provided as env variables
+secrets:
+  # -- agent username (default is generated randomly)
+  username: ""
+  # -- agent password (default is generated randomly)
+  password: ""
+
+# lapi will deploy pod with crowdsec lapi and dashboard as deployment
+lapi:
+  # -- environment variables from crowdsecurity/crowdsec docker image
+  env:
+    - name: DISABLE_ONLINE_API
+      value: "true"
+    # by default disable the agent because it only needs the local API.
+    #- name: DISABLE_AGENT
+    #  value: "true"
+  # -- Enable ingress lapi object
+  ingress:
+    enabled: false
+    annotations:
+      # we only want http to the backend so we need this annotation
+      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    # labels: {}
+    ingressClassName: "" # nginx
+    host: "" # crowdsec-api.example.com
+    # tls: {}
+
+  dashboard:
+    # -- Enable Metabase Dashboard (by default disabled)
+    enabled: true
+    image:
+      # -- docker image repository name
+      repository: metabase/metabase
+      # -- pullPolicy
+      pullPolicy: IfNotPresent
+      # -- docker image tag
+      tag: "v0.41.5"
+    # -- Metabase SQLite static DB containing Dashboards
+    assetURL: https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip
+
+    ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
+    ##
+    resources: {}
+      # limits:
+      #   memory: 2Gi
+      # requests:
+      #   cpu: 150m
+      #   memory: 1700Mi
+
+    # -- Enable ingress object
+    ingress:
+      enabled: true
+      annotations:
+        # metabase only supports http so we need this annotation
+        cert-manager.io/cluster-issuer: vault-issuer
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+      # labels: {}
+      ingressClassName: "ingress-internal" # nginx
+      host: "crowdsec.dc" # metabase.example.com
+      tls: 
+        - secretName: crowdsec-tls
+          hosts:
+          - crowdsec.dc
+
+
+  resources:
+    limits:
+      memory: 100Mi
+    requests:
+      cpu: 150m
+      memory: 100Mi
+  # -- Enable persistent volumes
+  persistentVolume:
+    # -- Persistent volume for data folder. Stores e.g. registered bouncer api keys
+    data:
+      enabled: true
+      accessModes:
+        - ReadWriteOnce
+      storageClassName: ""
+      existingClaim: ""
+      size: 1Gi
+    # -- Persistent volume for config folder. Stores e.g. online api credentials
+    config:
+      enabled: true
+      accessModes:
+        - ReadWriteOnce
+      storageClassName: ""
+      existingClaim: ""
+      size: 100Mi
+
+  service:
+    type: ClusterIP
+    labels: {}
+    annotations: {}
+    externalIPs: []
+    loadBalancerIP: null
+    loadBalancerClass: null
+    externalTrafficPolicy: Cluster
+
+  # -- nodeSelector for lapi
+  nodeSelector: {}
+  # -- tolerations for lapi
+  tolerations: {}
+
+  # -- Enable service monitoring (exposes "metrics" port "6060" for Prometheus)
+  metrics:
+    enabled: false
+    # -- Creates a ServiceMonitor so Prometheus will monitor this service
+    # -- Prometheus needs to be configured to watch on all namespaces for ServiceMonitors
+    # -- See the documentation: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#prometheusioscrape
+    # -- See also: https://github.com/prometheus-community/helm-charts/issues/106#issuecomment-700847774
+    serviceMonitor:
+      enabled: false
+
+  strategy:
+    type: RollingUpdate
+
+# agent will deploy pod on every node as daemonSet to read wanted pods logs
+agent:
+  # -- To add custom acquisitions using available datasources (https://docs.crowdsec.net/docs/next/data_sources/intro)
+  additionalAcquisition: []
+    # - source: kinesis
+    #   stream_name: my-stream
+    #   labels:
+    #     type: mytype
+    # - source: syslog
+    #   listen_addr: 127.0.0.1
+    #   listen_port: 4242
+    #   labels:
+    #     type: syslog
+  acquisition:
+    # -- Specify each pod you want to process it logs (namespace, podName and program)
+    - namespace: "ingress-internal" #ingress-nginx
+      # -- to select pod logs to process
+      podName: "ingress-internel-*" #ingress-nginx-controller-*
+      # -- program name related to specific parser you will use (see https://hub.crowdsec.net/author/crowdsecurity/configurations/docker-logs)
+      program: "nginx" #nginx
+
+    - namespace: "ingress-external" #ingress-nginx
+      podName: "ingress-external-*" #ingress-nginx-controller-*
+      program: "nginx" #nginx
+  resources:
+    limits:
+      memory: 100Mi
+    requests:
+      cpu: 150m
+      memory: 100Mi
+  # -- Enable persistent volumes
+  persistentVolume:
+    # -- Persistent volume for config folder. Stores local config (parsers, scenarios etc.)
+    config:
+      enabled: false
+      accessModes:
+        - ReadWriteOnce
+      storageClassName: ""
+      existingClaim: ""
+      size: 100Mi
+  # -- environment variables from crowdsecurity/crowdsec docker image
+  env:
+    # by default we configure the docker-logs parser to be able to parse docker logs in k8s
+    # by default we disable local API on the agent pod
+    # - name: SCENARIOS
+    #   value: "scenario/name otherScenario/name"
+    # - name: PARSERS
+    #   value: "parser/name otherParser/name"
+    # - name: POSTOVERFLOWS
+    #   value: "postoverflow/name otherPostoverflow/name"
+    # - name: CONFIG_FILE
+    #   value: "/etc/crowdsec/config.yaml"
+    # - name: DSN
+    #   value: "file:///var/log/toto.log"
+    # - name: TYPE
+    #   value: "Labels.type_for_time-machine_mode"
+    # - name: TEST_MODE
+    #   value: "false"
+    # - name: TZ
+    #   value: ""
+    # - name: DISABLE_AGENT
+    #   value: "false"
+    - name: DISABLE_ONLINE_API
+      value: "true"
+    - name: COLLECTIONS
+      value: "crowdsecurity/nginx"
+    # - name: LEVEL_TRACE
+    #   value: "false"
+    # - name: LEVEL_DEBUG
+    #   value: "false"
+    # - name: LEVEL_INFO
+    #   value: "false"
+
+  # -- nodeSelector for agent
+  nodeSelector: {}
+  # -- tolerations for agent
+  tolerations: {}
+
+  # -- Enable service monitoring (exposes "metrics" port "6060" for Prometheus)
+  metrics:
+    enabled: false
+    # -- Creates a ServiceMonitor so Prometheus will monitor this service
+    # -- Prometheus needs to be configured to watch on all namespaces for ServiceMonitors
+    # -- See the documentation: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#prometheusioscrape
+    # -- See also: https://github.com/prometheus-community/helm-charts/issues/106#issuecomment-700847774
+    serviceMonitor:
+      enabled: false
+
+  service:
+    type: ClusterIP
+    labels: {}
+    annotations: {}
+    externalIPs: []
+    loadBalancerIP: null
+    loadBalancerClass: null
+    externalTrafficPolicy: Cluster
+
+  # -- wait-for-lapi init container
+  wait_for_lapi:
+    image:
+      # -- docker image repository name
+      repository: busybox
+      # -- pullPolicy
+      pullPolicy: IfNotPresent
+      # -- docker image tag
+      tag: "1.28"
+
+#service: {}