Skip to content

Add image variants, PDB/updateStrategy, feature.yaml and optional acquisition container selection#340

Open
Autherain wants to merge 5 commits intocrowdsecurity:mainfrom
Autherain:feat/image-tag-suffix
Open

Add image variants, PDB/updateStrategy, feature.yaml and optional acquisition container selection#340
Autherain wants to merge 5 commits intocrowdsecurity:mainfrom
Autherain:feat/image-tag-suffix

Conversation

@Autherain
Copy link

@Autherain Autherain commented Mar 9, 2026
edited
Loading

Summary

  • Add image.tagSuffix to append a suffix to image tags (for alternative image flavors)
  • Add image.jobs.tagSuffix to override suffix for registration jobs (keep Alpine compatibility when main image uses -debian)
  • Add lapi.podDisruptionBudget to protect LAPI availability during voluntary disruptions
  • Add agent.updateStrategy to configure DaemonSet rollout behavior
  • Add config.feature.yaml to configure CrowdSec feature flags mounted in LAPI and agent pods
  • Add optional agent.acquisition[].containerName to restrict pod log acquisition to a specific container, while preserving existing wildcard behavior when omitted

Validation

  • helm lint ./charts/crowdsec/ -f ./charts/crowdsec/ci/crowdsec-values.yaml
  • helm template check with containerName set: renders /var/log/containers/<pod>_<namespace>_<container>-*.log
  • helm template check without containerName: keeps /var/log/containers/<pod>_<namespace>_*.log
  • Regenerated chart docs with @bitnami/readme-generator-for-helm

/kind enhancement
/area configuration

Etienne Vaneecloo added 3 commits March 9, 2026 15:01
feat(crowdsec): add image.jobs.tagSuffix to override tag suffix for jobs
cb6cdf8 
Registration jobs run scripts that use apk (Alpine), so they are
incompatible with the Debian image variant. image.jobs.tagSuffix defaults
to null (inherits from image.tagSuffix) but can be explicitly set to ""
to pin jobs to the Alpine-based image when image.tagSuffix is "-debian".
feat(crowdsec): add PDB for LAPI and updateStrategy for agent DaemonSet
0fc6443 
- lapi.podDisruptionBudget: optional PodDisruptionBudget (policy/v1) to
  guarantee minimum availability during voluntary disruptions (node drains,
  rolling cluster upgrades). Supports both minAvailable and maxUnavailable.
- agent.updateStrategy: expose DaemonSet updateStrategy in values to allow
  tuning maxUnavailable during agent rollouts (defaults to RollingUpdate/1).
feat(crowdsec): add feature.yaml config support
3cca731 
Expose /etc/crowdsec/feature.yaml via config.feature.yaml in values to
allow enabling or disabling experimental CrowdSec feature flags (e.g.
cscli_setup, re2_grok_support). The ConfigMap is mounted in both LAPI
and agent pods since feature flags apply to all CrowdSec processes.
@Autherain Autherain force-pushed the feat/image-tag-suffix branch from 104e72b to 3cca731 Compare March 9, 2026 14:14
@Autherain Autherain changed the title feat(crowdsec): add image.tagSuffix support to append suffix to image tags feat(crowdsec): add image variant support, PDB, DaemonSet updateStrategy and feature.yaml Mar 9, 2026
@Autherain Autherain changed the title feat(crowdsec): add image variant support, PDB, DaemonSet updateStrategy and feature.yaml feat(crowdsec): add image variants, PDB/updateStrategy, feature.yaml and optional acquisition container selection Mar 9, 2026
@Autherain Autherain changed the title feat(crowdsec): add image variants, PDB/updateStrategy, feature.yaml and optional acquisition container selection Add image variants, PDB/updateStrategy, feature.yaml and optional acquisition container selection Mar 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/configuration kind/enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Autherain