This message was deleted.

I think best practice is to have this behind a load balancer. Are you using one?

^ this. RKE2 uses ingress-nginx and you can configure this in an ingress (nginx or others).

I tried to use Crowdsec inside cluster. It reads Ingress logs well, but to configure nginx bouncer I need to patch ingress and there's no good examples how to do it. I don't have load balancer, only nginx-ingress. Also I need to have standalone crowdsec on each node to protect ssh, so I thought it will be a good idea to handle web requests there as well. It seemed to be much easier to configure everything in one place on the node. But RKE2 just ignores my ip rules.