add a small warning

sabban · sabban · commit 2021db7f946e · 2026-05-11T18:59:37.000+02:00
diff --git a/crowdsec-docs/docs/appsec/quickstart/nginx-ingress.mdx b/crowdsec-docs/docs/appsec/quickstart/nginx-ingress.mdx
@@ -105,6 +105,21 @@ lapi:
           key: BOUNCER_KEY_nginx_ingress_waf
 ```
 
+:::warning
+The Helm chart still enables the CrowdSec agent by default. If you do not want
+the agent, disable it explicitly.
+:::
+
+<details>
+<summary>Snippet to disable the agent</summary>
+
+```yaml title="values.yaml"
+agent:
+  enabled: false
+```
+
+</details>
+
 :::note
 Although this is the same bouncer key value, you need two `Secret` objects here:
 one in `crowdsec` and one in `ingress-nginx`. Kubernetes secrets are
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/nginx-ingress.mdx b/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/nginx-ingress.mdx
@@ -105,6 +105,21 @@ lapi:
           key: BOUNCER_KEY_nginx_ingress_waf
 ```
 
+:::warning
+The Helm chart still enables the CrowdSec agent by default. If you do not want
+the agent, disable it explicitly.
+:::
+
+<details>
+<summary>Snippet to disable the agent</summary>
+
+```yaml title="values.yaml"
+agent:
+  enabled: false
+```
+
+</details>
+
 This YAML configuration snippet exposes the important configuration items:
      * `listen_addr: 0.0.0.0:7422` exposes the AppSec API inside the cluster.
      * `appsec_configs` loads the [AppSec configuration(s)](/appsec/configuration.md) that define which rules are evaluated (in-band vs out-of-band).
