You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: crowdsec-docs/unversioned/getting_started/installation/kubernetes.mdx
+48-5Lines changed: 48 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,14 +12,16 @@ import CodeBlock from '@theme/CodeBlock';
12
12
13
13
# Kubernetes Deployment
14
14
15
-
Before getting started, it is advised to read the [introduction](/unversioned/getting_started/introduction.mdx) page to understand the prerequisites and concepts for running CrowdSec.
15
+
Before getting started, it is advised to read the
16
+
[introduction](/unversioned/getting_started/introduction.mdx) page to understand
17
+
the prerequisites and concepts for running CrowdSec.
Even if an installation could be possible without Helm, it's not supported for now.
24
+
Even if an installation could be possible without Helm, it's not documented for now.
23
25
24
26
## Helm Repository Installation
25
27
@@ -60,7 +62,32 @@ lapi:
60
62
value: "k8s linux test"
61
63
```
62
64
63
-
If you want more information about the configuration, you can check the default [values.yaml](https://artifacthub.io/packages/helm/crowdsec/crowdsec#values)
65
+
Acquisition is done by reading logs directly from pods. You select which pods to
66
+
watch thanks to `namespace` and `podName`, and you have to tag the logs with a
67
+
program so CrowdSec knows which parser should handle them. For example, if you
68
+
set program: nginx, the nginx parser will pick them up. CrowdSec will
69
+
automatically attach to the right pods and feed the logs into the right parsers.
70
+
71
+
<detail>
72
+
<summary>Why `program` and not `type` ?</summary>
73
+
In standard standalone setups documentation states that the labels should be
74
+
name `type` with the type being the parsed log program (eg nginx, traefik). A
75
+
transformation from `type` to `program` is done by the first stage parser
76
+
`crowdsecurity/syslog-logs`which is not relevant in a Kubernetes context.
77
+
</details>
78
+
79
+
<detail>
80
+
<summary>How collection fit in kubernetes environment?</summary>
81
+
82
+
Collections are "recipes" for understanding logs; they don’t find pods on their
83
+
own. You choose which pods to read, and you tag those logs with a program (like
84
+
nginx or traefik). When the tag matches what a collection expects, its rules
85
+
run; if it doesn’t, they stay idle. One log stream can match several collections
86
+
if the tags fit.
87
+
</details>
88
+
89
+
If you want more information about the configuration, you can check the default
0 commit comments