I’ve configured my application to run on k3s (latest: v1.22.4) + Traefik (built-in) on CentOS 8 - all very easy and painless. Thank you.
I’d like to now add Fail2Ban (GitHub tomMoulard/fail2ban) for rules-based control over less desirable requests.
I believe (!) that I need to begin with enabling the Traefik Pilot service, from where I can then enable the Fail2Ban plugin. I registered an instance and have the pilot.token value, but this is where I’ve hit a dead-end.
Where can I set this token? I’ve tried adding a HelmChartConfig manifest based on Networking | K3s, without success, even after restarting the k3s service.
copy to /var/lib/rancher/k3s/server/manifests/traefik-enable-pilot.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    pilot:
      token: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
I also took a guess at adding an annotation to my App’s Ingress yaml:
traefik.ingress.kubernetes.io/pilot.token: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
but, not surprisingly, no joy.
I hope someone can point me to appropriate documentation or examples on how to enable Fail2Ban for k3s+Traefik, or share if / how this can be achieved.
Thank you.