k8s bouncer key from Secret
I was able to successfully configure the Traefik bouncer connecting to the Crowdsec deployed via the helm chart. Currently the bouncer key is specified in the values.yaml and the Middleware manifest. Has anyone configured this value from a kubernetes Secret so that it's not committed to SCM along with the rest of the yaml manifests?
4 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
FWIW, in the helm chart I set the ENROLL_KEY and BOUNCER_KEY_name from a secret like this:
lapi:
env:
- name: ENROLL_KEY
valueFrom:
secretKeyRef:
name: crowdsec-secret
key: ENROLL_KEY
- name: BOUNCER_KEY_traefik
valueFrom:
secretKeyRef:
name: crowdsec-secret
key: BOUNCER_KEY_traefik
Seems like it may not be possible in the traefik bouncer plugin to get it's key from a secret.yeah, it's actually something we looked into recently, and it's unfortunately a limitation on traefik side
We were not able to find a workaround
there are Middlewares that reference k8s secrets, eg basicAuth:https://doc.traefik.io/traefik/middlewares/http/basicauth/ so it's at least theoretically possible, but probably would require some changes in the plugin