From b378caee7d358eef3bca319b8726d840e0bb1b14 Mon Sep 17 00:00:00 2001 From: sabban Date: Wed, 10 Sep 2025 15:48:48 +0200 Subject: [PATCH 1/6] improve ingress nginx documentation accuracy --- .../unversioned/bouncers/ingress-nginx.mdx | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx index 3e24670ad..5326a5dd0 100644 --- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx +++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx @@ -30,10 +30,6 @@ import RemediationSupportBadges from '@site/src/components/remediation-support-b A lua Remediation Component for Ingress Nginx Controller. -:::warning -Ingress Nginx Version **1.12** or higher currently is not supported due to removal of Lua plugins support see [this issue](https://github.com/crowdsecurity/cs-openresty-bouncer/issues/60) for latest news. -::: - ## How does it work ? This component leverages OpenResty lua's API, used the ingress nginx controller as a [plugin](https://github.com/kubernetes/ingress-nginx/blob/main/rootfs/etc/nginx/lua/plugins/README.md). @@ -59,8 +55,18 @@ The Ingress nginx controller should be installed using the [official helm chart] First you need to create new ingress-nginx chart values file (`crowdsec-ingress-bouncer.yaml`) to upgrade the ingress controller with the crowdsec plugin. +:::warning It is of the uttermost importance to note that lua support has been +removed from mainline ingress nginx in 1.12. As crowdsec remediation highly +depends on lua support, one has to use our controller image as show an in the +following values example ::: + + ```yaml controller: + image: + PullPolicy: IfNotPresent + image: crowdsecurity/controller + tag: latest extraVolumes: - name: crowdsec-bouncer-plugin emptyDir: {} From 31f33e317485f3b91056466c1bb65abc1b4f35ed Mon Sep 17 00:00:00 2001 From: sabban Date: Wed, 10 Sep 2025 16:02:18 +0200 Subject: [PATCH 2/6] typo --- crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx index 5326a5dd0..1706a6657 100644 --- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx +++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx @@ -58,7 +58,8 @@ First you need to create new ingress-nginx chart values file (`crowdsec-ingress- :::warning It is of the uttermost importance to note that lua support has been removed from mainline ingress nginx in 1.12. As crowdsec remediation highly depends on lua support, one has to use our controller image as show an in the -following values example ::: +following values example: +::: ```yaml From cc7de79459c9049afe55174e78dfcf20178cbd1c Mon Sep 17 00:00:00 2001 From: sabban Date: Wed, 10 Sep 2025 16:12:43 +0200 Subject: [PATCH 3/6] typo --- crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx index 1706a6657..5db860b84 100644 --- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx +++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx @@ -55,10 +55,12 @@ The Ingress nginx controller should be installed using the [official helm chart] First you need to create new ingress-nginx chart values file (`crowdsec-ingress-bouncer.yaml`) to upgrade the ingress controller with the crowdsec plugin. -:::warning It is of the uttermost importance to note that lua support has been -removed from mainline ingress nginx in 1.12. As crowdsec remediation highly -depends on lua support, one has to use our controller image as show an in the -following values example: +:::warning + +It is of the utmost importance to note that lua support has been removed from +mainline ingress nginx in version 1.12. As crowdsec remediation highly depends +on lua support, one has to use our controller image as show an in the following +values example. ::: From 6df1ffb8097980fcc7822c417026c2326e982efe Mon Sep 17 00:00:00 2001 From: sabban Date: Wed, 10 Sep 2025 17:32:52 +0200 Subject: [PATCH 4/6] more details --- .../unversioned/bouncers/ingress-nginx.mdx | 30 +++++++++++++++---- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx index 5db860b84..e75fe46cd 100644 --- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx +++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx @@ -53,7 +53,7 @@ The Ingress nginx controller should be installed using the [official helm chart] ### Using Helm -First you need to create new ingress-nginx chart values file (`crowdsec-ingress-bouncer.yaml`) to upgrade the ingress controller with the crowdsec plugin. +First you need to create new ingress-nginx chart values file (`crowdsec-ingress-values.yaml`) to upgrade the ingress controller with the crowdsec plugin. :::warning @@ -124,15 +124,35 @@ controller: resolver local=on ipv6=off; ``` -This values upgrade your ingress deployment to add crowdsec lua lib as a plugin and run with the ingress controller. -It used [this docker image](https://hub.docker.com/r/crowdsecurity/lua-bouncer-plugin) to copy the crowdsec lua library. +
+ You already have a deployed ingress nginx -Once you have this patch we can upgrade the ingress-nginx chart. +This values.yaml upgrade your ingress deployment to add crowdsec lua lib as a +plugin and run with the crowdsec maintained nginx ingress controller with lua +support. It uses [this docker +image](https://hub.docker.com/r/crowdsecurity/lua-bouncer-plugin) to copy the +crowdsec lua library. You can upgrade the ingress-nginx using this `crowdsec-ingress-values.yaml` ```bash -helm -n ingress-nginx upgrade -f ingress-nginx-values.yaml -f crowdsec-ingress-bouncer.yaml ingress-nginx ingress-nginx +helm -n ingress-nginx upgrade -f ingress-nginx-values.yaml -f crowdsec-ingress-values.yaml ingress-nginx/ingress-nginx ``` +
+ +
+ You don't have a deployed ingress nginx + +This values.yaml install your ingress deployment to add crowdsec lua lib as a +plugin and run with the crowdsec maintained nginx ingress controller with lua +support. It uses [this docker +image](https://hub.docker.com/r/crowdsecurity/lua-bouncer-plugin) to copy the +crowdsec lua library. You can install the ingress-nginx using this `crowdsec-ingress-values.yaml` + +```bash +helm -n ingress-nginx install -f crowdsec-ingress-values.yaml ingress-nginx ingress-nginx/ingress-nginx +``` +
+ And then check if the ingress controller is running well. ```bash From 4e088599ad7fd91a5f94ab02ab089efecfc20ad7 Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 11 Sep 2025 13:58:28 +0200 Subject: [PATCH 5/6] update ingress nginx doc --- crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx index e75fe46cd..f79e818d2 100644 --- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx +++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx @@ -57,10 +57,9 @@ First you need to create new ingress-nginx chart values file (`crowdsec-ingress- :::warning -It is of the utmost importance to note that lua support has been removed from -mainline ingress nginx in version 1.12. As crowdsec remediation highly depends -on lua support, one has to use our controller image as show an in the following -values example. +Lua support has been removed from mainline ingress nginx in version 1.12. As +CrowdSec remediation relies on lua, you need to use our controller image as +shown in the following values.yaml. ::: From 361b66858247723326595b1878046b965f40760c Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 11 Sep 2025 14:03:17 +0200 Subject: [PATCH 6/6] add comment --- crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx index f79e818d2..51129e9e3 100644 --- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx +++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx @@ -68,6 +68,7 @@ controller: image: PullPolicy: IfNotPresent image: crowdsecurity/controller + # Crowdsec Remediation with Ingress Nginx requires to use our controller image tag: latest extraVolumes: - name: crowdsec-bouncer-plugin