K3s + Traefik + Fail2Ban

I’ve configured my application to run on k3s (latest: v1.22.4) + Traefik (built-in) on Centos8 - all very easy and painless. Thank you.

I’d like to now add Fail2Ban (Github tomMoulard/fail2ban) for rules-based control over less desirable requests.

I believe (!) that I need to begin with enabling the Traefik Pilot service, from where I can then enable the Fail2Ban plugin. I registered an instance and have the pilot.token value, but this is where I’ve hit a dead-end.

Where can I set this token? I’ve tried adding a HelmChartConfig manifest based on Rancher Docs: Networking, without success, even after restarting the k3s service.

copy to /var/lib/rancher/k3s/server/manifests/traefik-enable-pilot.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
name: traefik
namespace: kube-system
valuesContent: |-
token: “xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx”

I also took a guess at adding an annotation to my App’s Ingress yaml:

traefik.ingress.kubernetes.io/pilot.token: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

but, not surprisingly, no joy,

I hope someone can point me to an appropriate documentation or examples on how to enable Fail2Ban for k3s+Traefik, or share if / how this can be achieved.

Thank you.