Reference
Configuration reference¶
Lookup reference for CrowdSec configuration values in kup6s.
Each table documents the live cluster state as of Phase 2.
Code sources¶
The configuration is split across three repositories.
What |
Path |
|---|---|
Engine helm values |
|
Middleware CRDs (plugin config) |
|
Traefik plugin loader |
|
Secret bridges (ESO) |
|
Config defaults |
|
Plugin configuration keys (Middleware CRD)¶
The crowdsec-bouncer Middleware CRD passes these keys to the plugin runtime.
Key |
Value in |
Description |
|---|---|---|
|
|
Plugin active |
|
|
Pull decisions every 60 s, maintain local cache |
|
|
Unencrypted within the cluster network |
|
|
LAPI ClusterIP service |
|
|
Bouncer API key file path inside Traefik pods |
|
|
AppSec not active (Phase 3) |
|
|
TTL for default decisions |
|
|
Plugin → LAPI timeout |
|
|
Plugin poll interval |
|
|
PROXY-protocol source trust |
|
|
Phase 2 client allowlist, RFC1918 only |
|
|
(For appsec middleware) fail-open on AppSec unavailability |
In-pod paths¶
These file paths inside cluster pods are referenced by other configuration.
Path |
What |
|---|---|
|
Bouncer API key mounted into Traefik pods |
|
Engine config in the LAPI pod (chart-managed) |
|
Engine config overlay ( |
Service names and ports¶
Service |
Namespace |
Ports |
Purpose |
|---|---|---|---|
|
crowdsec |
6060 (metrics), 8080 (lapi) |
LAPI HTTP API |
|
crowdsec |
6060 (metrics), 7422 (appsec) |
AppSec component |
|
crowdsec |
5432 |
Postgres primary (CNPG) |
|
crowdsec |
5432 |
Postgres replica (CNPG) |
Sync-wave ordering (ArgoCD)¶
ArgoCD applies resources in this order:
Wave |
Resource |
|---|---|
0 |
Namespace |
1 |
ClusterSecretStore × 2 (crowdsec ns + traefik ns), CNPG cluster |
2 |
ExternalSecret × 2 |
3 |
HelmChart (engine) |
4 |
Middleware × 2 (bouncer + appsec) |
5 |
Grafana dashboard ConfigMaps |