k8s Traefik bouncer: decision not applied

Hi,
On a running k8s v1.28 + Traefik 3.3 existing cluster, I’m trying to integrate Crowdsec and its Traefik bouncer as traefik plugin.

I see traefik log acquisition is correctly done on the agent:

crowdsec-agent-4wklc:/var/log# cscli metrics show acquisition
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Acquisition Metrics                                                                                                    │
├──────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────┬───────────────────┤
│ Source                       │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │ Lines whitelisted │
├──────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┼───────────────────┤
│ file:/traefik-log/access.log │ 18         │ 18           │ -              │ 12                     │ -                 │
╰──────────────────────────────┴────────────┴──────────────┴────────────────┴────────────────────────┴───────────────────╯

crowdsec-agent-4wklc:/var/log# cscli metrics show acquisition
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Acquisition Metrics                                                                                                    │
├──────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────┬───────────────────┤
│ Source                       │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │ Lines whitelisted │
├──────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┼───────────────────┤
│ file:/traefik-log/access.log │ 18         │ 18           │ -              │ 12                     │ -                 │
╰──────────────────────────────┴────────────┴──────────────┴────────────────┴────────────────────────┴───────────────────╯

But when I add manualy a ban decision, it’s like the middleware doesn’t check the decisions and let the request pass. What can I do wrong?

Here my traefik relevant configuration part:

        - --experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
        - --experimental.plugins.bouncer.version=v1.4.1

        - --experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
        - --experimental.plugins.bouncer.version=v1.4.1

The traefik logs show the plugin correctly loaded:

CrowdSec•11mo ago•

81 replies

ook

k8s Traefik bouncer: decision not applied

Hi,
On a running k8s v1.28 + Traefik 3.3 existing cluster, I’m trying to integrate Crowdsec and its Traefik bouncer as traefik plugin.

I see traefik log acquisition is correctly done on the agent:

crowdsec-agent-4wklc:/var/log# cscli metrics show acquisition
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Acquisition Metrics                                                                                                    │
├──────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────┬───────────────────┤
│ Source                       │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │ Lines whitelisted │
├──────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┼───────────────────┤
│ file:/traefik-log/access.log │ 18         │ 18           │ -              │ 12                     │ -                 │
╰──────────────────────────────┴────────────┴──────────────┴────────────────┴────────────────────────┴───────────────────╯

crowdsec-agent-4wklc:/var/log# cscli metrics show acquisition
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Acquisition Metrics                                                                                                    │
├──────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────┬───────────────────┤
│ Source                       │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │ Lines whitelisted │
├──────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┼───────────────────┤
│ file:/traefik-log/access.log │ 18         │ 18           │ -              │ 12                     │ -                 │
╰──────────────────────────────┴────────────┴──────────────┴────────────────┴────────────────────────┴───────────────────╯

But when I add manualy a ban decision, it’s like the middleware doesn’t check the decisions and let the request pass. What can I do wrong?

Here my traefik relevant configuration part:

        - --experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
        - --experimental.plugins.bouncer.version=v1.4.1

        - --experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
        - --experimental.plugins.bouncer.version=v1.4.1

The traefik logs show the plugin correctly loaded:

k8s Traefik bouncer: decision not applied

Similar Threads

k8s Traefik bouncer: decision not applied

Similar Threads

Similar Threads

Similar Threads