From 18b82863ff6d93ea02608f3669e33da29c8e5f38 Mon Sep 17 00:00:00 2001
From: Yannick Siewe
Date: Fri, 6 Dec 2024 12:25:05 +0100
Subject: [PATCH 1/2] fix: update wazuh service file
---
charts/wazuh/.dashboard.yaml | 124 +++++++++++++++++++++++++++
charts/wazuh/.wazuh-cluster-svc.yaml | 26 ++++++
charts/wazuh/.wazuh-svc.yaml | 39 +++++++++
charts/wazuh/.wazuh-woker-svc.yaml | 35 ++++++++
4 files changed, 224 insertions(+)
create mode 100644 charts/wazuh/.dashboard.yaml
create mode 100644 charts/wazuh/.wazuh-cluster-svc.yaml
create mode 100644 charts/wazuh/.wazuh-svc.yaml
create mode 100644 charts/wazuh/.wazuh-woker-svc.yaml
diff --git a/charts/wazuh/.dashboard.yaml b/charts/wazuh/.dashboard.yaml
new file mode 100644
index 0000000..3644406
--- /dev/null
+++ b/charts/wazuh/.dashboard.yaml
@@ -0,0 +1,124 @@
+# Please edit the object below. Lines beginning with a '#' will be ignored,
+# and an empty file will abort the edit. If an error occurs while saving this file will be
+# reopened with the relevant failures.
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ deployment.kubernetes.io/revision: "1"
+ kubernetes.io/description: wazuh cluster
+ creationTimestamp: "2024-12-05T23:09:28Z"
+ generation: 1
+ labels:
+ app: wazuh-dashboard
+ app.kubernetes.io/instance: wazuh
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: wazuh
+ app.kubernetes.io/version: 4.9.2
+ argocd.argoproj.io/instance: wazuh
+ helm.sh/chart: wazuh-helm-0.2.17
+ name: wazuh-dashboard
+ namespace: wazuh
+ resourceVersion: "61705941"
+ uid: 65ef56db-18d8-4538-adb9-72cba05f5a05
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: wazuh-dashboard
+ app.kubernetes.io/instance: wazuh
+ app.kubernetes.io/name: wazuh
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ checksum/config: f088c2b4f43d6a6f953129ac6287186bb489e368b6e61e6e62781b1a99bce0de
+ kubernetes.io/description: wazuh cluster
+ creationTimestamp: null
+ labels:
+ app: wazuh-dashboard
+ app.kubernetes.io/instance: wazuh
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: wazuh
+ app.kubernetes.io/version: 4.9.2
+ helm.sh/chart: wazuh-helm-0.2.17
+ name: wazuh-dashboard
+ spec:
+ containers:
+ - env:
+ - name: OPENSEARCH_JAVA_OPTS
+ value: '-Xms2g -Xmx2g -Dlog4j2.formatMsgNoLookups=true'
+ - name: INDEXER_URL
+ value: https://wazuh-indexer-api:9200
+ - name: WAZUH_API_URL
+ value: https://wazuh-manager-master-0.wazuh-cluster
+ - name: SERVER_SSL_ENABLED
+ value: "true"
+ - name: SERVER_SSL_CERTIFICATE
+ value: /usr/share/wazuh-dashboard/certs/dashboard.pem
+ - name: SERVER_SSL_KEY
+ value: /usr/share/wazuh-dashboard/certs/dashboard-key.pem
+ envFrom:
+ - secretRef:
+ name: ext-wazuh-indexer-secrets
+ - secretRef:
+ name: ext-wazuh-api-credentials
+ - secretRef:
+ name: ext-wazuh-dashboard-secrets
+ image: docker.io/wazuh/wazuh-dashboard:4.9.2
+ imagePullPolicy: IfNotPresent
+ name: wazuh-dashboard
+ ports:
+ - containerPort: 5601
+ name: dashboard
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 2000m
+ memory: 2Gi
+ requests:
+ cpu: 1000m
+ memory: 1Gi
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /usr/share/wazuh-dashboard/certs/root-ca.pem
+ name: root-certs
+ readOnly: true
+ subPath: root-ca.pem
+ - mountPath: /usr/share/wazuh-dashboard/certs/dashboard-key.pem
+ name: certs
+ readOnly: true
+ subPath: dashboard-key.pem
+ - mountPath: /usr/share/wazuh-dashboard/certs/dashboard.pem
+ name: certs
+ readOnly: true
+ subPath: dashboard.pem
+ - mountPath: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+ name: config
+ subPath: opensearch_dashboards.yml
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: certs
+ secret:
+ defaultMode: 420
+ secretName: wazuh-certificates
+ - name: root-certs
+ secret:
+ defaultMode: 420
+ secretName: ext-wazuh-root-ca-secrets
+ - configMap:
+ defaultMode: 420
+ name: wazuh-dashboard-conf
+ name: config
\ No newline at end of file
diff --git a/charts/wazuh/.wazuh-cluster-svc.yaml b/charts/wazuh/.wazuh-cluster-svc.yaml
new file mode 100644
index 0000000..b0581ae
--- /dev/null
+++ b/charts/wazuh/.wazuh-cluster-svc.yaml
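Review bot: `charts/wazuh/.dashboard.yaml` is a captured live object rather than chart source: the `kubectl edit` banner and the server-populated `uid`, `resourceVersion`, `creationTimestamp` and `generation` fields are committed with it, and the pod spec carries `securityContext: {}` with no container-level securityContext at all. If the file is kept as a reference, strip the server-side metadata and state the intended hardening explicitly, for example `allowPrivilegeEscalation: false` and `runAsNonRoot: true` on the container, after confirming the image runs as a non-root user. The environment-specific values visible here (namespace, Argo CD instance label, secret names) belong in values rather than in a file under the chart directory.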
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ kubernetes.io/description: wazuh cluster
+ labels:
+ app: wazuh-manager
+ app.kubernetes.io/instance: wazuh
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: wazuh
+ app.kubernetes.io/version: 4.9.2
+ argocd.argoproj.io/instance: wazuh
+ helm.sh/chart: wazuh-helm-0.2.17
+ name: wazuh-master
+ namespace: wazuh
+spec:
+ ports:
+ - name: cluster
+ port: 1516
+ protocol: TCP
+ targetPort: 1516
+ clusterIP: None
+ selector:
+ app: wazuh-manager
+ app.kubernetes.io/instance: wazuh
+ app.kubernetes.io/name: wazuh
diff --git a/charts/wazuh/.wazuh-svc.yaml b/charts/wazuh/.wazuh-svc.yaml
new file mode 100644
index 0000000..15b5eb0
--- /dev/null
+++ b/charts/wazuh/.wazuh-svc.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: master.dev.wazuh.adorsys.team
+ kubernetes.io/description: wazuh cluster
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ service.beta.kubernetes.io/aws-load-balancer-name: wazuh
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+ service.beta.kubernetes.io/aws-load-balancer-type: external
+ labels:
+ app: wazuh-manager
+ app.kubernetes.io/instance: wazuh
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: wazuh
+ app.kubernetes.io/version: 4.9.2
+ argocd.argoproj.io/instance: wazuh
+ dns: route53
+ helm.sh/chart: wazuh-helm-0.2.17
+ name: wazuh
+ namespace: wazuh
+spec:
+ loadBalancerClass: service.k8s.aws/nlb
+ ports:
+ - name: api
+ port: 55000
+ protocol: TCP
+ targetPort: 55000
+ - name: registration
+ port: 1515
+ protocol: TCP
+ targetPort: registration
+ selector:
+ app: wazuh-manager
+ node-type: master
+ app.kubernetes.io/instance: wazuh
+ app.kubernetes.io/name: wazuh
+ type: LoadBalancer
\ No newline at end of file
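Review bot: The `wazuh` Service in `.wazuh-svc.yaml` publishes the manager API (port 55000) and agent registration (port 1515) on an NLB whose scheme annotation is `internet-facing`, and nothing in the spec limits who can reach it. Add `loadBalancerSourceRanges` with the CIDRs that agents and administrators actually come from, or set the scheme to `internal` and reach the API over a VPN or bastion; the API listener is an authentication endpoint and should not be open to every address. The same applies to `.wazuh-woker-svc.yaml`, which exposes port 1514 the same way. The development hostname in the `external-dns` annotation is environment-specific and would be better supplied through values.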
diff --git a/charts/wazuh/.wazuh-woker-svc.yaml b/charts/wazuh/.wazuh-woker-svc.yaml
new file mode 100644
index 0000000..cbba95a
--- /dev/null
+++ b/charts/wazuh/.wazuh-woker-svc.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: worker.dev.wazuh.adorsys.team
+ kubernetes.io/description: wazuh cluster
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ service.beta.kubernetes.io/aws-load-balancer-name: wazuh-worker
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+ service.beta.kubernetes.io/aws-load-balancer-type: external
+ labels:
+ app: wazuh-manager
+ app.kubernetes.io/instance: wazuh
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: wazuh
+ app.kubernetes.io/version: 4.9.2
+ argocd.argoproj.io/instance: wazuh
+ dns: route53
+ helm.sh/chart: wazuh-helm-0.2.17
+ name: wazuh-manager
+ namespace: wazuh
+spec:
+ loadBalancerClass: service.k8s.aws/nlb
+ ports:
+ - name: agents-events
+ port: 1514
+ protocol: TCP
+ targetPort: 1514
+ selector:
+ app: wazuh-manager
+ node-type: worker
+ app.kubernetes.io/instance: wazuh
+ app.kubernetes.io/name: wazuh
+ type: LoadBalancer
\ No newline at end of file
From fd36ff53306311f61515ceb3f5429c0f50718673 Mon Sep 17 00:00:00 2001
From: Stephane Segning Lambou
Date: Tue, 10 Dec 2024 07:29:07 +0100
Subject: [PATCH 2/2] feat: svc
---
charts/wazuh/.dashboard.yaml | 124 ---------
charts/wazuh/.wazuh-cluster-svc.yaml | 26 --
charts/wazuh/.wazuh-svc.yaml | 39 ---
charts/wazuh/.wazuh-woker-svc.yaml | 35 ---
charts/wazuh/Chart.yaml | 2 +-
charts/wazuh/files/scripts/backup-indexer.sh | 23 ++
charts/wazuh/files/scripts/backup-manager.sh | 48 ++++
charts/wazuh/files/scripts/certs.json | 1 +
charts/wazuh/files/scripts/restor.sh | 34 +++
charts/wazuh/templates/common/svc.yaml | 56 +++++
.../templates/dashboard/deploy.dashboard.yaml | 2 +-
.../templates/dashboard/ing.dashboard.yaml | 6 +-
.../templates/dashboard/svc.dashboard.yaml | 30 ---
.../wazuh/templates/helpers/_cert_config.tpl | 2 +-
.../templates/indexer/svc.indexer-api.yaml | 1 -
.../wazuh/templates/indexer/svc.indexer.yaml | 1 -
.../templates/manager/ing.wazuh-master.yaml | 33 ---
.../templates/manager/svc.wazuh-cluster.yaml | 20 --
.../templates/manager/svc.wazuh-manager.yaml | 34 ---
.../templates/manager/svc.wazuh-master.yaml | 23 --
charts/wazuh/templates/manager/svc.wazuh.yaml | 33 ---
charts/wazuh/values-cleanup.yaml | 45 ----
charts/wazuh/values-eks.yaml | 38 ++-
charts/wazuh/values-loadbalancer.yaml | 7 -
charts/wazuh/values-mks.yaml | 8 +-
charts/wazuh/values.yaml | 237 +++++++++++++-----
26 files changed, 367 insertions(+), 541 deletions(-)
delete mode 100644 charts/wazuh/.dashboard.yaml
delete mode 100644 charts/wazuh/.wazuh-cluster-svc.yaml
delete mode 100644 charts/wazuh/.wazuh-svc.yaml
delete mode 100644 charts/wazuh/.wazuh-woker-svc.yaml
create mode 100644 charts/wazuh/files/scripts/backup-indexer.sh
create mode 100644 charts/wazuh/files/scripts/backup-manager.sh
create mode 100644 charts/wazuh/files/scripts/certs.json
create mode 100644 charts/wazuh/files/scripts/restor.sh
create mode 100644 charts/wazuh/templates/common/svc.yaml
delete mode 100644 charts/wazuh/templates/dashboard/svc.dashboard.yaml
delete mode 100644 charts/wazuh/templates/manager/ing.wazuh-master.yaml
delete mode 100644 charts/wazuh/templates/manager/svc.wazuh-cluster.yaml
delete mode 100644 charts/wazuh/templates/manager/svc.wazuh-manager.yaml
delete mode 100644 charts/wazuh/templates/manager/svc.wazuh-master.yaml
delete mode 100644 charts/wazuh/templates/manager/svc.wazuh.yaml
delete mode 100644 charts/wazuh/values-cleanup.yaml
delete mode 100644 charts/wazuh/values-loadbalancer.yaml
diff --git a/charts/wazuh/.dashboard.yaml b/charts/wazuh/.dashboard.yaml
deleted file mode 100644
index 3644406..0000000
--- a/charts/wazuh/.dashboard.yaml
+++ /dev/null
@@ -1,124 +0,0 @@ -# Please edit the object below. Lines beginning with a '#' will be ignored, -# and an empty file will abort the edit. If an error occurs while saving this file will be -# reopened with the relevant failures. -# -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - deployment.kubernetes.io/revision: "1" - kubernetes.io/description: wazuh cluster - creationTimestamp: "2024-12-05T23:09:28Z" - generation: 1 - labels: - app: wazuh-dashboard - app.kubernetes.io/instance: wazuh - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: wazuh - app.kubernetes.io/version: 4.9.2 - argocd.argoproj.io/instance: wazuh - helm.sh/chart: wazuh-helm-0.2.17 - name: wazuh-dashboard - namespace: wazuh - resourceVersion: "61705941" - uid: 65ef56db-18d8-4538-adb9-72cba05f5a05 -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: wazuh-dashboard - app.kubernetes.io/instance: wazuh - app.kubernetes.io/name: wazuh - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - checksum/config: f088c2b4f43d6a6f953129ac6287186bb489e368b6e61e6e62781b1a99bce0de - kubernetes.io/description: wazuh cluster - creationTimestamp: null - labels: - app: wazuh-dashboard - app.kubernetes.io/instance: wazuh - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: wazuh - app.kubernetes.io/version: 4.9.2 - helm.sh/chart: wazuh-helm-0.2.17 - name: wazuh-dashboard - spec: - containers: - - env: - - name: OPENSEARCH_JAVA_OPTS - value: '-Xms2g -Xmx2g -Dlog4j2.formatMsgNoLookups=true' - - name: INDEXER_URL - value: https://wazuh-indexer-api:9200 - - name: WAZUH_API_URL - value: https://wazuh-manager-master-0.wazuh-cluster - - name: SERVER_SSL_ENABLED - value: "true" - - name: SERVER_SSL_CERTIFICATE - value: /usr/share/wazuh-dashboard/certs/dashboard.pem - - name: SERVER_SSL_KEY - value: /usr/share/wazuh-dashboard/certs/dashboard-key.pem - 
envFrom: - - secretRef: - name: ext-wazuh-indexer-secrets - - secretRef: - name: ext-wazuh-api-credentials - - secretRef: - name: ext-wazuh-dashboard-secrets - image: docker.io/wazuh/wazuh-dashboard:4.9.2 - imagePullPolicy: IfNotPresent - name: wazuh-dashboard - ports: - - containerPort: 5601 - name: dashboard - protocol: TCP - resources: - limits: - cpu: 2000m - memory: 2Gi - requests: - cpu: 1000m - memory: 1Gi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /usr/share/wazuh-dashboard/certs/root-ca.pem - name: root-certs - readOnly: true - subPath: root-ca.pem - - mountPath: /usr/share/wazuh-dashboard/certs/dashboard-key.pem - name: certs - readOnly: true - subPath: dashboard-key.pem - - mountPath: /usr/share/wazuh-dashboard/certs/dashboard.pem - name: certs - readOnly: true - subPath: dashboard.pem - - mountPath: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - name: config - subPath: opensearch_dashboards.yml - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - terminationGracePeriodSeconds: 30 - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: wazuh-certificates - - name: root-certs - secret: - defaultMode: 420 - secretName: ext-wazuh-root-ca-secrets - - configMap: - defaultMode: 420 - name: wazuh-dashboard-conf - name: config \ No newline at end of file diff --git a/charts/wazuh/.wazuh-cluster-svc.yaml b/charts/wazuh/.wazuh-cluster-svc.yaml deleted file mode 100644 index b0581ae..0000000 --- a/charts/wazuh/.wazuh-cluster-svc.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - kubernetes.io/description: wazuh cluster - labels: - app: wazuh-manager - app.kubernetes.io/instance: wazuh - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: wazuh - app.kubernetes.io/version: 4.9.2 - argocd.argoproj.io/instance: wazuh - helm.sh/chart: wazuh-helm-0.2.17 - name: wazuh-master - namespace: wazuh -spec: - ports: - - name: cluster - port: 1516 - protocol: TCP - targetPort: 1516 - clusterIP: None - selector: - app: wazuh-manager - app.kubernetes.io/instance: wazuh - app.kubernetes.io/name: wazuh diff --git a/charts/wazuh/.wazuh-svc.yaml b/charts/wazuh/.wazuh-svc.yaml deleted file mode 100644 index 15b5eb0..0000000 --- a/charts/wazuh/.wazuh-svc.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - external-dns.alpha.kubernetes.io/hostname: master.dev.wazuh.adorsys.team - kubernetes.io/description: wazuh cluster - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-name: wazuh - service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-type: external - labels: - app: wazuh-manager - app.kubernetes.io/instance: wazuh - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: wazuh - app.kubernetes.io/version: 4.9.2 - argocd.argoproj.io/instance: wazuh - dns: route53 - helm.sh/chart: wazuh-helm-0.2.17 - name: wazuh - namespace: wazuh -spec: - loadBalancerClass: service.k8s.aws/nlb - ports: - - name: api - port: 55000 - protocol: TCP - targetPort: 55000 - - name: registration - port: 1515 - protocol: TCP - targetPort: registration - selector: - app: wazuh-manager - node-type: master - app.kubernetes.io/instance: wazuh - app.kubernetes.io/name: wazuh - type: LoadBalancer \ No newline at end of file 
diff --git a/charts/wazuh/.wazuh-woker-svc.yaml b/charts/wazuh/.wazuh-woker-svc.yaml deleted file mode 100644 index cbba95a..0000000 --- a/charts/wazuh/.wazuh-woker-svc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - external-dns.alpha.kubernetes.io/hostname: worker.dev.wazuh.adorsys.team - kubernetes.io/description: wazuh cluster - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-name: wazuh-worker - service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-type: external - labels: - app: wazuh-manager - app.kubernetes.io/instance: wazuh - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: wazuh - app.kubernetes.io/version: 4.9.2 - argocd.argoproj.io/instance: wazuh - dns: route53 - helm.sh/chart: wazuh-helm-0.2.17 - name: wazuh-manager - namespace: wazuh -spec: - loadBalancerClass: service.k8s.aws/nlb - ports: - - name: agents-events - port: 1514 - protocol: TCP - targetPort: 1514 - selector: - app: wazuh-manager - node-type: worker - app.kubernetes.io/instance: wazuh - app.kubernetes.io/name: wazuh - type: LoadBalancer \ No newline at end of file diff --git a/charts/wazuh/Chart.yaml b/charts/wazuh/Chart.yaml index b73b3ee..ed37254 100644 --- a/charts/wazuh/Chart.yaml +++ b/charts/wazuh/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.20 +version: 0.2.21-rc.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/charts/wazuh/files/scripts/backup-indexer.sh b/charts/wazuh/files/scripts/backup-indexer.sh
new file mode 100644
index 0000000..070bd42
--- /dev/null
+++ b/charts/wazuh/files/scripts/backup-indexer.sh
@@ -0,0 +1,23 @@
+## Initialize the backup folder
+bkp_folder=/tmp/wazuh_files_backup
+mkdir -p $bkp_folder
+
+## Backup the host information
+cat /etc/*release* > $bkp_folder/host-info.txt
+
+## Install rsync
+yum install -y rsync
+
+## Backup the Wazuh files
+rsync -aREz \
+ --ignore-missing-args \
+ /etc/wazuh-indexer/certs/ \
+ /etc/wazuh-indexer/jvm.options \
+ /etc/wazuh-indexer/jvm.options.d \
+ /etc/wazuh-indexer/log4j2.properties \
+ /etc/wazuh-indexer/opensearch.yml \
+ /etc/wazuh-indexer/opensearch.keystore \
+ /etc/wazuh-indexer/opensearch-observability/ \
+ /etc/wazuh-indexer/opensearch-reports-scheduler/ \
+ /etc/wazuh-indexer/opensearch-security/ \
+ /usr/lib/sysctl.d/wazuh-indexer.conf $bkp_folder
\ No newline at end of file
diff --git a/charts/wazuh/files/scripts/backup-manager.sh b/charts/wazuh/files/scripts/backup-manager.sh
new file mode 100644
index 0000000..61c1f1b
--- /dev/null
+++ b/charts/wazuh/files/scripts/backup-manager.sh
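Review bot: `backup-indexer.sh` stages the backup in the fixed path `/tmp/wazuh_files_backup`, created with the default umask, yet it receives `/etc/wazuh-indexer/certs/`, `opensearch.keystore` and `opensearch-security/`; a predictable directory under `/tmp` is the wrong place for key material. Create the staging directory privately, e.g. `umask 077` followed by `bkp_folder=$(mktemp -d)`, and quote `"$bkp_folder"` wherever it is used. The script also has no shebang or `set -euo pipefail`, so a failed `yum install` or `rsync` does not stop it. `backup-manager.sh` uses the same staging path and copies `/var/ossec/etc/client.keys` into it.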
@@ -0,0 +1,48 @@
+## Initialize the backup folder
+bkp_folder=/tmp/wazuh_files_backup
+mkdir -p $bkp_folder
+
+## Backup the host information
+cat /etc/*release* > $bkp_folder/host-info.txt
+
+## Install rsync
+yum install -y rsync
+
+## Backup the Wazuh files
+rsync -aREz -v --stats --progress \
+ --ignore-missing-args \
+ /etc/filebeat/ \
+ /etc/postfix/ \
+ /var/ossec/api/configuration/ \
+ /var/ossec/etc/client.keys \
+ /var/ossec/etc/sslmanager* \
+ /var/ossec/etc/ossec.conf \
+ /var/ossec/etc/internal_options.conf \
+ /var/ossec/etc/local_internal_options.conf \
+ /var/ossec/etc/rules/local_rules.xml \
+ /var/ossec/etc/decoders/local_decoder.xml \
+ /var/ossec/etc/shared/ \
+ /var/ossec/queue/agentless/ \
+ /var/ossec/queue/agents-timestamp \
+ /var/ossec/queue/fts/ \
+ /var/ossec/queue/rids/ \
+ /var/ossec/stats/ \
+ /var/ossec/var/multigroups/ \
+ $bkp_folder
+
+## Backup the Wazuh files
+rsync -aREz -v --stats --progress \
+ /var/ossec/queue/db/ \
+ $bkp_folder
+
+
+# Merge the two for loops
+for i in {1..20} ; do
+ if [ $i -lt 10 ]; then
+ echo "Copying 012.db to 0$i.db"
+ rsync -aREz -v --stats --progress --ignore-missing-args "/var/ossec/queue/db/00$i.db" $bkp_folder
+ else
+ echo "Copying 012.db to $i.db"
+ rsync -aREz -v --stats --progress --ignore-missing-args "/var/ossec/queue/db/0$i.db" $bkp_folder
+ fi
+done
\ No newline at end of file
diff --git a/charts/wazuh/files/scripts/certs.json b/charts/wazuh/files/scripts/certs.json
new file mode 100644
index 0000000..e2c3ccb
--- /dev/null
+++ b/charts/wazuh/files/scripts/certs.json
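Review bot: The final loop in `backup-manager.sh` relies on bash brace expansion (`{1..20}`) in a file with no shebang, and both `echo` lines print "Copying 012.db to …" whichever file is being copied, so the log does not describe what rsync does. One branch with zero-padding removes the duplication: `db=$(printf '%03d.db' "$i")` followed by `rsync -aREz --ignore-missing-args "/var/ossec/queue/db/$db" "$bkp_folder"`, under `#!/usr/bin/env bash`. The preceding `rsync` of `/var/ossec/queue/db/` already copies that whole directory, so the loop looks redundant; confirm whether it is still needed.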
@@ -0,0 +1 @@ +{"root-ca.pem":"-----BEGIN CERTIFICATE-----\nMIIDbTCCAlWgAwIBAgIUexcJCKPqBeep6y/4HwVwvOQOurAwDQYJKoZIhvcNAQEL\nBQAwRjELMAkGA1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExEDAOBgNVBAoM\nB0NvbXBhbnkxEDAOBgNVBAMMB3Jvb3QtY2EwHhcNMjQxMDAyMDkzMzU3WhcNMzQw\nOTMwMDkzMzU3WjBGMQswCQYDVQQGEwJVUzETMBEGA1UEBwwKQ2FsaWZvcm5pYTEQ\nMA4GA1UECgwHQ29tcGFueTEQMA4GA1UEAwwHcm9vdC1jYTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBALbN87VhycF2/XFsQdgVtexkUOFunfQ6RXHYmcOS\nVi/JG0gvzTZQvHBoPU+PXhjEtYO7846oK6EtIyq7CAH79HFz8yQiKwZhQiPFt1YD\nsnAvzfcqqsS64gg0ckvwyuar4PR3cJEzfK0FXnEoy1YIWAC0Kngpr0HYKKmZZ3su\nHLy6CcAybr5YGpTcxpNLSAiK3e84HnElzTy2G0oGEboWSBhyvcLGPdbjim+q9cFR\nESoEC/C6qka4TE1fn4VbZQRznqhsjZgt1I5O+GTLVTgJiUE9Dcip457d+GaptEBd\nrPX3XJXMUyCujhKON4tpO9OzhhZ0EN4aDD8F14BKFRzLDgsCAwEAAaNTMFEwHQYD\nVR0OBBYEFB6eG9pOc1rLmhqEERlept1O9JdZMB8GA1UdIwQYMBaAFB6eG9pOc1rL\nmhqEERlept1O9JdZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFsJ6RmOUAtNjCEn13SIzz6EB1dgxlWohGXBqcEVwFr7IfVLcYdnD596s57Av16G\nyR+Q/TAmaOVrYGj0UMPjyC0V8r2xLYfnh2YkmUdwz814VyG8DJCUlq4MoMLC9deP\nsab52kIlSPfVhDBDWmwxS0Dfsz0KElsmn8Z0a40OGyCopQH6imIMxYRgv+IXAaVi\nnUL76FGT8ISsynTHxgqh1MJswOSnK4jkEb9+U+NCXE1I4RB/U/EGl6lQrCMHuTu7\nkqQB/PRI1K5wJvm5lWNCUjczkxUgHYl76grXRp4uPwNM6C7A50/B8cXod9Yw0ejX\nAOkg4OcPjjbhOo7MpHSfqX4=\n-----END CERTIFICATE-----","root-ca-key.pem":"-----BEGIN PRIVATE 
KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2zfO1YcnBdv1x\nbEHYFbXsZFDhbp30OkVx2JnDklYvyRtIL802ULxwaD1Pj14YxLWDu/OOqCuhLSMq\nuwgB+/Rxc/MkIisGYUIjxbdWA7JwL833KqrEuuIINHJL8Mrmq+D0d3CRM3ytBV5x\nKMtWCFgAtCp4Ka9B2CipmWd7Lhy8ugnAMm6+WBqU3MaTS0gIit3vOB5xJc08thtK\nBhG6FkgYcr3Cxj3W44pvqvXBUREqBAvwuqpGuExNX5+FW2UEc56obI2YLdSOTvhk\ny1U4CYlBPQ3IqeOe3fhmqbRAXaz191yVzFMgro4SjjeLaTvTs4YWdBDeGgw/BdeA\nShUcyw4LAgMBAAECggEADsg1qlenfGz2Tpst8d7DkMOF5MzQmgSyQ+P7fxyQupl9\nCsfOxNMfgcl0F8BkoAUcFnR22/TOXmCrhNON8Lcii6AQK75Vk1T/B6x/yEVRQxAi\njBeXqoPgLkCrc2ebyK5iaPJVmHA85zLVcboWQzU2hIwNGR1pzh3AIALHIudWLI6N\nRUwtXs2YLL8fFvxQ894vu38NdIm/7PRJVppeOd1nC9Ry01yJt+F9TZ8y7XcgAHDi\nAAwyvjxEGAFaG97QKfjRegw+kcVBFaznSJ6yq6RdMLsKgktjts1JuVOpqAo6MYzL\nRpfEymuU4AtefRWjSHILO9Bw+qeCtp40nCX5AqRMbQKBgQD7QRbMKEAUOoBsnEhc\nKXJnRuKkG+Iu+v3mgXEoxRieofB1YE7/dFJi+Gru7lDIqlVcr0hLGfsNJ4s9uF8Z\nBWSibUgDNYFwPFJgK8fRQCn5fh8w3ejyFtHQku9KPxlVDKrDwvE4Njirnvgq3MRD\nFdEsXbRSZovPF7X7fTxHdzyB/QKBgQC6QeHN3q0NH6FEuqIFiZYgvFfY43fpYzW3\nYqUmMsTC4pIYeUwT+dQfRcKSiuzjxtG1qNx8q0cMjs1ZEhd3syuDQQaDL+NANu+H\nmqqFYHqugTD7EXO5p+Ge2T2XTn2NFVTE6KPS9EwJc+/G9D92SUGy4Mld8jTIH/9Y\ngTPDttXqpwKBgGenYZ1WGaF+xQ6JpvyGiND8mHG1oylYmLiovCNitJZ1Hnt+APk4\nZui3rX3myWMPimnTUlLRZBX4M2SCFJGA/RRZWzUftMe1yxIr3aKBAxAPrRR+6CQ/\nr82JYLjTsUK6GBTs7pEPJXAABEfCjiFS9dmEyuiXr6P/Fy+qadzd3xONAoGBAJea\nDlACAjrfVuVZP41gSqkEhEBODYkSrmNA0ImB4zN5NU7kU+8iduypXFDo8R4I8yJ4\nelajFqZ7CVuJZT6RwEYKRGG9NaxLyrVGR6teNx0YnKSOtPIVWohv7Djes0SFa0UG\n0mlfXRCIpE78+TavM+GEI4LrJNkLakxAhcC0bfObAoGAeXMvxDXyHUgElzM4aK+M\n91UaDBXcPcRg06ljJdOhh1kgJTd1O4EFSKWBF6uTluCIBeJF+azYZpMVXwdeA0hq\nRMO1Oq57Io9W3qKJ6M9dgHr+chGwKlYLucAK1yizmWXeFeN4yTQw2Akf+0ZDlO0+\nGHpWew24KuI8AWzcVF0UJwI=\n-----END PRIVATE KEY-----"} \ No newline at end of file diff --git a/charts/wazuh/files/scripts/restor.sh b/charts/wazuh/files/scripts/restor.sh new file mode 100644 index 0000000..40f673a --- /dev/null +++ b/charts/wazuh/files/scripts/restor.sh 
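Review bot: `certs.json` commits a root CA certificate together with its private key (`root-ca-key.pem`) in clear text. Anyone who can read the repository or a packaged chart can issue certificates that every component trusting this root will accept, so the key should be treated as compromised: rotate the CA, reissue the leaf certificates, and remove the file from history rather than only deleting it in a later commit. CA material should be generated at install time or referenced from a Kubernetes Secret or an external secret store, and a secret-scanning check in CI would catch this class of commit.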
@@ -0,0 +1,34 @@
+cp etc/filebeat/filebeat.reference.yml /etc/filebeat/
+cp etc/filebeat/fields.yml /etc/filebeat/
+cp -r etc/filebeat/modules.d/* /etc/filebeat/modules.d/
+cp -r etc/postfix/* /etc/postfix/
+cp var/ossec/etc/client.keys /var/ossec/etc/
+chown root:wazuh /var/ossec/etc/client.keys
+cp -r var/ossec/etc/sslmanager* /var/ossec/etc/
+cp var/ossec/etc/ossec.conf /var/ossec/etc/
+chown root:wazuh /var/ossec/etc/ossec.conf
+cp var/ossec/etc/internal_options.conf /var/ossec/etc/
+chown root:wazuh /var/ossec/etc/internal_options.conf
+cp var/ossec/etc/local_internal_options.conf /var/ossec/etc/
+chown root:wazuh /var/ossec/etc/local_internal_options.conf
+cp -r var/ossec/etc/rules/* /var/ossec/etc/rules/
+chown -R wazuh:wazuh /var/ossec/etc/rules/
+cp -r var/ossec/etc/decoders/* /var/ossec/etc/decoders
+chown -R wazuh:wazuh /var/ossec/etc/decoders/
+cp -r var/ossec/etc/shared/* /var/ossec/etc/shared/
+chown -R wazuh:wazuh /var/ossec/etc/shared/
+chown root:wazuh /var/ossec/etc/shared/ar.conf
+cp -r var/ossec/logs/* /var/ossec/logs/
+chown -R wazuh:wazuh /var/ossec/logs/
+cp -r var/ossec/queue/agentless/* /var/ossec/queue/agentless/
+chown -R wazuh:wazuh /var/ossec/queue/agentless/
+cp var/ossec/queue/agents-timestamp /var/ossec/queue/
+chown root:wazuh /var/ossec/queue/agents-timestamp
+cp -r var/ossec/queue/fts/* /var/ossec/queue/fts/
+chown -R wazuh:wazuh /var/ossec/queue/fts/
+cp -r var/ossec/queue/rids/* /var/ossec/queue/rids/
+chown -R wazuh:wazuh /var/ossec/queue/rids/
+cp -r var/ossec/stats/* /var/ossec/stats/
+chown -R wazuh:wazuh /var/ossec/stats/
+cp -r var/ossec/var/multigroups/* /var/ossec/var/multigroups/
+chown -R wazuh:wazuh /var/ossec/var/multigroups/
\ No newline at end of file
diff --git a/charts/wazuh/templates/common/svc.yaml b/charts/wazuh/templates/common/svc.yaml
new file mode 100644
index 0000000..2dfcab4
--- /dev/null
+++ b/charts/wazuh/templates/common/svc.yaml
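Review bot: Every `cp` source in `restor.sh` is a relative path (`etc/filebeat/…`, `var/ossec/…`) and the script has no error handling, so run from the wrong directory each copy fails while the `chown` calls still run against the live tree and the exit status reflects only the last command. Start the script with a bash shebang and `set -euo pipefail`, and take the backup root explicitly, e.g. `cd "${1:?usage: restor.sh <backup-dir>}"`. `client.keys` is restored with `cp` and `chown root:wazuh` only; its mode is never set, so consider an explicit `chmod 640` (confirm against the Wazuh defaults) instead of inheriting whatever the backup copy carried.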
@@ -0,0 +1,56 @@ +{{ range $name, $val := .Values.svcs -}} +{{- if $val.enabled -}} +{{- with $val }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.tplvalues.render" (dict "value" $name "context" $) }} + namespace: {{ include "common.names.namespace" $ }} + labels: + {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} + annotations: + {{- include "common.annotations.standard" ( dict "customAnnotations" .annotations "context" $ ) | nindent 4 }} +spec: + {{ with .type }} + type: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{ end }} + {{ if eq .type "LoadBalancer" }} + {{ with .loadBalancerClass }} + loadBalancerClass: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{ end }} + {{ end }} + selector: + {{- include "common.labels.matchLabels" $ | nindent 4 }} + {{- include "common.tplvalues.render" (dict "value" .selector "context" $) | nindent 4 -}} + {{ with .ports }} + ports: + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 4 -}} + {{ end }} + {{ with .loadBalancerIP }} + loadBalancerIP: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{- end }} + {{ with .allocateLoadBalancerNodePorts }} + allocateLoadBalancerNodePorts: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{- end }} + {{ with .clusterIP }} + clusterIP: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{ end }} + {{ with .externalTrafficPolicy }} + externalTrafficPolicy: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{ end }} + {{ with .sessionAffinity }} + sessionAffinity: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{ end }} + {{ with .externalName }} + externalName: {{ include "common.tplvalues.render" (dict "value" . 
"context" $) }} + {{ end }} + {{ with .healthCheckNodePort }} + healthCheckNodePort: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{ end }} + {{ with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{ end }} +--- +{{- end -}} +{{- end -}} +{{- end }} \ No newline at end of file diff --git a/charts/wazuh/templates/dashboard/deploy.dashboard.yaml b/charts/wazuh/templates/dashboard/deploy.dashboard.yaml index 80ac437..a94515c 100644 --- a/charts/wazuh/templates/dashboard/deploy.dashboard.yaml +++ b/charts/wazuh/templates/dashboard/deploy.dashboard.yaml @@ -78,7 +78,7 @@ spec: - name: INDEXER_URL value: 'https://{{ include "common.names.fullname" $ }}-indexer-api:9200' - name: WAZUH_API_URL - value: 'https://{{ include "common.names.fullname" $ }}-manager' + value: 'https://{{ include "common.names.fullname" $ }}' - name: SERVER_SSL_ENABLED value: "true" - name: SERVER_SSL_CERTIFICATE diff --git a/charts/wazuh/templates/dashboard/ing.dashboard.yaml b/charts/wazuh/templates/dashboard/ing.dashboard.yaml index d4a8e1c..7949f9a 100644 --- a/charts/wazuh/templates/dashboard/ing.dashboard.yaml +++ b/charts/wazuh/templates/dashboard/ing.dashboard.yaml @@ -1,4 +1,4 @@ -{{- if and (.Values.dashboard.ingress.enabled) (eq .Values.dashboard.service.type "ClusterIP") }} +{{- if .Values.dashboard.ingress.enabled }} {{ with .Values.dashboard.ingress -}} apiVersion: networking.k8s.io/v1 kind: Ingress @@ -11,7 +11,7 @@ metadata: {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} spec: {{ with .className -}} - ingressClassName: {{ . }} + ingressClassName: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} {{- end }} rules: - host: {{ include "common.tplvalues.render" (dict "value" .host "context" $) }} 
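Review bot: The generic Service template in `templates/common/svc.yaml` has no way to emit `loadBalancerSourceRanges`, so a `LoadBalancer` entry under `.Values.svcs` cannot be restricted by source CIDR from values; add a `{{- with .loadBalancerSourceRanges }}` block that renders the list with `toYaml . | nindent 4`. Separately, `allocateLoadBalancerNodePorts` is wrapped in `with`, which skips falsy values, so the one setting that differs from the Kubernetes default (`false`) can never be rendered; guard it with `{{- if hasKey . "allocateLoadBalancerNodePorts" }}` instead. `eq .type "LoadBalancer"` is also evaluated when `type` is unset, which may fail the comparison depending on the template engine version, so nesting it inside the preceding `with .type` would be safer.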
@@ -23,7 +23,7 @@ spec: service: name: {{ include "common.names.fullname" $ }}-dashboard port: - number: {{ include "common.tplvalues.render" (dict "value" $.Values.dashboard.service.port "context" $) }} + number: {{ include "common.tplvalues.render" (dict "value" .port "context" $) }} tls: - hosts: - {{ include "common.tplvalues.render" (dict "value" .host "context" $) }} diff --git a/charts/wazuh/templates/dashboard/svc.dashboard.yaml b/charts/wazuh/templates/dashboard/svc.dashboard.yaml deleted file mode 100644 index 469bdf9..0000000 --- a/charts/wazuh/templates/dashboard/svc.dashboard.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{ with .Values.dashboard.service }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" $ }}-dashboard - namespace: {{ include "common.names.namespace" $ }} - labels: - {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} - app: {{ include "common.names.fullname" $ }}-dashboard - annotations: - {{- include "common.annotations.standard" ( dict "customAnnotations" .annotations "context" $ ) | nindent 4 }} -spec: - type: {{ .type }} - selector: - {{- include "common.labels.matchLabels" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} - app: {{ include "common.names.fullname" $ }}-dashboard - ports: - - name: dashboard - port: {{ include "common.tplvalues.render" (dict "value" .port "context" $) }} - targetPort: {{ include "common.tplvalues.render" (dict "value" .targetPort "context" $) }} - {{ with .loadBalancerIP }} - loadBalancerIP: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} - {{- end }} - {{ with .allocateLoadBalancerNodePorts }} - allocateLoadBalancerNodePorts: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} - {{- end }} - {{ with .clusterIP }} - clusterIP: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} - {{- end }} -{{- end -}} \ No newline at end of file 
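Review bot: The backend `number:` in `ing.dashboard.yaml` is now read from `dashboard.ingress.port`, and with the `ClusterIP` guard removed in the first hunk nothing checks that the value is set or that it matches a port of the dashboard Service, which this series moves into `.Values.svcs`. An unset value renders an empty `number:` and is rejected only at apply time; fail at render time instead with `number: {{ required "dashboard.ingress.port is required" .port }}`. The backend name is still the fixed `<fullname>-dashboard`, so a `svcs` key must render to exactly that name; a comment saying so would help. The enclosing `with .Values.dashboard.ingress` block starts outside this hunk.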
diff --git a/charts/wazuh/templates/helpers/_cert_config.tpl b/charts/wazuh/templates/helpers/_cert_config.tpl index 6d7381e..e19bc00 100644 --- a/charts/wazuh/templates/helpers/_cert_config.tpl +++ b/charts/wazuh/templates/helpers/_cert_config.tpl @@ -9,7 +9,7 @@ generate_cert "indexer" \ "{{ include "common.names.fullname" $ }}-indexer-api,*.{{ include "common.names.fullname" $ }}-indexer" generate_cert "server" \ - "{{ include "common.names.fullname" $ }}-manager,*.{{ include "common.names.fullname" $ }}-cluster,{{ include "common.names.fullname" $ }}-master,{{ include "common.names.fullname" $ }},*.{{ include "common.names.fullname" $ }}" + "{{ include "common.names.fullname" $ }}-manager,*.{{ include "common.names.fullname" $ }}-cluster,{{ include "common.names.fullname" $ }}-cluster,{{ include "common.names.fullname" $ }},*.{{ include "common.names.fullname" $ }}" generate_cert "dashboard" \ "{{ include "common.names.fullname" $ }}-dashboard,*.{{ include "common.names.fullname" $ }}-dashboard" diff --git a/charts/wazuh/templates/indexer/svc.indexer-api.yaml b/charts/wazuh/templates/indexer/svc.indexer-api.yaml index 524c117..f9ce1ab 100644 --- a/charts/wazuh/templates/indexer/svc.indexer-api.yaml +++ b/charts/wazuh/templates/indexer/svc.indexer-api.yaml @@ -6,7 +6,6 @@ metadata: namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} - app: {{ include "common.names.fullname" $ }}-indexer annotations: {{- include "common.annotations.standard" ( dict "customAnnotations" .annotations "context" $ ) | nindent 4 }} spec: diff --git a/charts/wazuh/templates/indexer/svc.indexer.yaml b/charts/wazuh/templates/indexer/svc.indexer.yaml index 6c68178..0d6ac2e 100644 --- a/charts/wazuh/templates/indexer/svc.indexer.yaml +++ b/charts/wazuh/templates/indexer/svc.indexer.yaml 
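Review bot: The SAN list passed to `generate_cert "server"` in `_cert_config.tpl` is still a hard-coded set of names (`-manager`, `-cluster`, the bare fullname and two wildcards) while Service names are now taken from the keys of `.Values.svcs`. A service renamed in values will no longer match the certificate and TLS hostname verification will fail; the `WAZUH_API_URL` change to the bare fullname in `deploy.dashboard.yaml` carries the same assumption. Add a comment above this call listing which `svcs` keys the SANs must match, or derive the list from values. The `*.<fullname>` wildcard looks broader than the names used here need; confirm it is required. `generate_cert` itself is defined outside this hunk.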
@@ -9,7 +9,6 @@ metadata: {{- include "common.annotations.standard" ( dict "customAnnotations" .annotations "context" $ ) | nindent 4 }} labels: {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} - app: {{ include "common.names.fullname" $ }}-indexer spec: selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} diff --git a/charts/wazuh/templates/manager/ing.wazuh-master.yaml b/charts/wazuh/templates/manager/ing.wazuh-master.yaml deleted file mode 100644 index f05ddd4..0000000 --- a/charts/wazuh/templates/manager/ing.wazuh-master.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and (.Values.master.ingress.enabled) (eq .Values.master.service.type "ClusterIP") }} -{{ with .Values.master.ingress -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .name }} - namespace: {{ include "common.names.namespace" $ }} - annotations: - {{- include "common.annotations.standard" ( dict "customAnnotations" .additionalAnnotations "context" $ ) | nindent 4 }} - labels: - {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} -spec: - {{ with .className -}} - ingressClassName: {{ . }} - {{- end }} - rules: - - host: {{ include "common.tplvalues.render" (dict "value" .host "context" $) }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "common.names.fullname" $ }}-manager - port: - number: {{ include "common.tplvalues.render" (dict "value" $.Values.master.service.port "context" $) }} - {{ if .tls }} - tls: - - hosts: - - {{ include "common.tplvalues.render" (dict "value" .host "context" $) }} - {{ end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/wazuh/templates/manager/svc.wazuh-cluster.yaml b/charts/wazuh/templates/manager/svc.wazuh-cluster.yaml deleted file mode 100644 index 4465a9b..0000000 
--- a/charts/wazuh/templates/manager/svc.wazuh-cluster.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.names.fullname" $ }}-cluster
- namespace: {{ include "common.names.namespace" $ }}
- labels:
- {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app: {{ include "common.names.fullname" $ }}-manager
- annotations:
- {{- include "common.annotations.standard" ( dict "customAnnotations" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-spec:
- selector:
- {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app: {{ include "common.names.fullname" $ }}-manager
- ports:
- - name: cluster
- port: 1516
- targetPort: 1516
- clusterIP: None
\ No newline at end of file
diff --git a/charts/wazuh/templates/manager/svc.wazuh-manager.yaml b/charts/wazuh/templates/manager/svc.wazuh-manager.yaml
deleted file mode 100644
index d6313e0..0000000
--- a/charts/wazuh/templates/manager/svc.wazuh-manager.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{ with .Values.master.service }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.names.fullname" $ }}-manager
- namespace: {{ include "common.names.namespace" $ }}
- labels:
- {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }}
- app: {{ include "common.names.fullname" $ }}-manager
- annotations:
- {{- include "common.annotations.standard" ( dict "customAnnotations" .annotations "context" $ ) | nindent 4 }}
-spec:
- {{ with .type }}
- type: {{ include "common.tplvalues.render" (dict "value" . "context" $) }}
- {{ end }}
- {{ if eq .type "LoadBalancer" }}
- {{ with .loadBalancerClass }}
- loadBalancerClass: {{ include "common.tplvalues.render" (dict "value" . "context" $) }}
- {{ end }}
- {{ end }}
- selector:
- {{- include "common.labels.matchLabels" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }}
- app: {{ include "common.names.fullname" $ }}-manager
- node-type: master
- ports:
- - name: registration
- port: 1515
- targetPort: 1515
- protocol: TCP
- - name: api
- port: 55000
- targetPort: 55000
- protocol: TCP
-{{- end -}}
\ No newline at end of file
diff --git a/charts/wazuh/templates/manager/svc.wazuh-master.yaml b/charts/wazuh/templates/manager/svc.wazuh-master.yaml
deleted file mode 100644
index a7692bd..0000000
--- a/charts/wazuh/templates/manager/svc.wazuh-master.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{ with .Values.master.service }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.names.fullname" $ }}-master
- namespace: {{ include "common.names.namespace" $ }}
- labels:
- {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }}
- app: {{ include "common.names.fullname" $ }}-manager
- annotations:
- {{- include "common.annotations.standard" ( dict "customAnnotations" .annotations "context" $ ) | nindent 4 }}
-spec:
- type: ClusterIP
- selector:
- {{- include "common.labels.matchLabels" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }}
- app: {{ include "common.names.fullname" $ }}-manager
- node-type: master
- ports:
- - name: api
- port: 55000
- targetPort: 55000
- protocol: TCP
-{{- end -}}
\ No newline at end of file
diff --git a/charts/wazuh/templates/manager/svc.wazuh.yaml b/charts/wazuh/templates/manager/svc.wazuh.yaml
deleted file mode 100644
index 3341d05..0000000
--- a/charts/wazuh/templates/manager/svc.wazuh.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{ with .Values.service }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.names.fullname" $ }}
- namespace: {{ include "common.names.namespace" $ }}
- labels:
- {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }}
- app: {{ include "common.names.fullname" $ }}-manager
- annotations:
- {{- include "common.annotations.standard" ( dict "customAnnotations" .annotations "context" $ ) | nindent 4 }}
-spec:
- {{ with .type }}
- type: {{ include "common.tplvalues.render" (dict "value" . "context" $) }}
- {{ end }}
- {{ if eq .type "LoadBalancer" }}
- {{ with .loadBalancerClass }}
- loadBalancerClass: {{ include "common.tplvalues.render" (dict "value" . "context" $) }}
- {{ end }}
- {{ end }}
- selector:
- {{- include "common.labels.matchLabels" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }}
- app: {{ include "common.names.fullname" $ }}-manager
- ports:
- - name: agents-events
- port: {{ $.Values.worker.service.port }}
- targetPort: agents-events
- protocol: TCP
- - name: registration
- port: {{ $.Values.master.service.port }}
- targetPort: registration
- protocol: TCP
-{{- end -}}
\ No newline at end of file
diff --git a/charts/wazuh/values-cleanup.yaml b/charts/wazuh/values-cleanup.yaml
deleted file mode 100644
index 864e616..0000000
--- a/charts/wazuh/values-cleanup.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-worker:
- initContainers:
- # Cleanup residue files in PV
- cleanup-pv:
- image: busybox
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- limits:
- cpu: 100m
- memory: 256Mi
- command:
- - /bin/sh
- - -c
- - |
- set -ex
- # Clear any existing files in the persistent volume
- rm -rf /var/ossec/*
- volumeMounts:
- - mountPath: /var/ossec
- name: '{{ include "common.names.fullname" $ }}-manager-worker'
-
-master:
- initContainers:
- # Cleanup residue files in PV
- cleanup-pv:
- image: busybox
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- limits:
- cpu: 100m
- memory: 256Mi
- command:
- - /bin/sh
- - -c
- - |
- set -ex
- # Clear any existing files in the persistent volume
- rm -rf /var/ossec/*
- volumeMounts:
- - mountPath: /var/ossec
- name: '{{ include "common.names.fullname" $ }}-manager-master'
\ No newline at end of file
diff --git a/charts/wazuh/values-eks.yaml b/charts/wazuh/values-eks.yaml
index 26e94b4..3529c39 100644
--- a/charts/wazuh/values-eks.yaml
+++ b/charts/wazuh/values-eks.yaml
@@ -1,19 +1,31 @@ global: domain: 'dev.wazuh.adorsys.team' -service: - enabled: true - type: LoadBalancer - loadBalancerClass: service.k8s.aws/nlb - additionalLabels: - dns: route53 - annotations: - service.beta.kubernetes.io/aws-load-balancer-name: '{{ include "common.names.fullname" $ }}' - service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" - service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" - service.beta.kubernetes.io/aws-load-balancer-type: "external" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" - external-dns.alpha.kubernetes.io/hostname: 'master.{{ .Values.global.domain }}' +svcs: + '{{ include "common.names.fullname" $ }}': + enabled: true + type: LoadBalancer + loadBalancerClass: service.k8s.aws/nlb + additionalLabels: + dns: route53 + annotations: + service.beta.kubernetes.io/aws-load-balancer-name: '{{ include "common.names.fullname" $ }}' + service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + service.beta.kubernetes.io/aws-load-balancer-type: "external" + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" + external-dns.alpha.kubernetes.io/hostname: 'master.{{ .Values.global.domain }}' + '{{ include "common.names.fullname" $ }}-worker': + enabled: true + type: LoadBalancer + loadBalancerClass: service.k8s.aws/nlb + annotations: + service.beta.kubernetes.io/aws-load-balancer-name: '{{ include "common.names.fullname" $ }}' + service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + service.beta.kubernetes.io/aws-load-balancer-type: "external" + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" + external-dns.alpha.kubernetes.io/hostname: 'master.{{ .Values.global.domain }}' indexer: replicas: 2 
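Review bot: The `'{{ include "common.names.fullname" $ }}'` entry is published on an `internet-facing` NLB, and the defaults this commit adds for that entry in values.yaml list port 55000 (`api`) next to 1515 (`registration`), so on EKS the manager API would become reachable from the internet; the Service it replaces (`svc.wazuh.yaml`) carried only `agents-events` and `registration`. Assuming the `svcs` template, which is not in view, renders the merged entry as written, I would override `ports` for this entry here so that only `registration` is published and keep 55000 on a cluster-internal Service. Separately, the `-worker` entry repeats the master's `aws-load-balancer-name` and `external-dns.alpha.kubernetes.io/hostname`, so two load balancers would claim one name and one DNS record; both need worker-specific values.

```yaml
svcs:
  '{{ include "common.names.fullname" $ }}':
    # … unchanged: enabled, type, loadBalancerClass, additionalLabels, annotations …
    # Publish only agent enrollment on the internet-facing NLB; 55000 (api) stays in-cluster.
    ports:
      - name: registration
        port: 1515
        targetPort: registration
        protocol: TCP
  '{{ include "common.names.fullname" $ }}-worker':
    # … unchanged: enabled, type, loadBalancerClass …
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-name: '{{ include "common.names.fullname" $ }}-worker'
      # … unchanged: scheme, nlb-target-type, type, backend-protocol …
      # Constructed example hostname; use the record agents are meant to reach.
      external-dns.alpha.kubernetes.io/hostname: 'worker.{{ .Values.global.domain }}'
```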
diff --git a/charts/wazuh/values-loadbalancer.yaml b/charts/wazuh/values-loadbalancer.yaml deleted file mode 100644 index 9e70cb3..0000000 --- a/charts/wazuh/values-loadbalancer.yaml +++ /dev/null @@ -1,7 +0,0 @@ -dashboard: - service: - type: LoadBalancer - -master: - service: - type: LoadBalancer \ No newline at end of file diff --git a/charts/wazuh/values-mks.yaml b/charts/wazuh/values-mks.yaml index 580b85c..279139e 100644 --- a/charts/wazuh/values-mks.yaml +++ b/charts/wazuh/values-mks.yaml @@ -3,14 +3,14 @@ storageClasses: volumeBindingMode: WaitForFirstConsumer reclaimPolicy: Delete -dashboard: - service: +svcs: + '{{ include "common.names.fullname" $ }}-dashboard': type: LoadBalancer + +dashboard: resources: ~ master: - service: - type: LoadBalancer resources: ~ worker: replicaCount: 1 diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml index 56e61ab..c5cb2cf 100644 --- a/charts/wazuh/values.yaml +++ b/charts/wazuh/values.yaml @@ -333,24 +333,6 @@ worker: ## ## podManagementPolicy: Parallel - ## - ## - service: - ## - ## - type: ClusterIP - ## - ## - additionalLabels: { } - ## - ## - annotations: { } - ## - ## - loadBalancerClass: "" - ## - ## - port: 1514 ## ## @@ -405,24 +387,6 @@ master: pullSecrets: [ ] ## ## - service: - ## - ## - type: ClusterIP - ## - ## - additionalLabels: { } - ## - ## - annotations: { } - ## - ## - loadBalancerClass: "" - ## - ## - port: 1515 - ## - ## additionalAnnotations: { } ## ## @@ -593,29 +557,7 @@ dashboard: limits: cpu: 400m memory: 1Gi - service: - additionalLabels: { } - ## - ## - type: ClusterIP # LoadBalancer - ## - ## - port: 5601 - ## - ## - targetPort: 5601 - ## - ## - annotations: { } - ## - ## - loadBalancerIP: null - ## - ## - allocateLoadBalancerNodePorts: null - ## - ## - clusterIP: null + ## ## authSecret: ~ 
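Review bot: In values-mks.yaml the explicit `master.service.type: LoadBalancer` is dropped without a replacement, so the manager's exposure on this cluster now rests on the chart default, and values.yaml in this commit sets `type: LoadBalancer` for both the `'{{ include "common.names.fullname" $ }}'` entry (55000, 1515) and the `-worker` entry (1514). Every install that passes no override would then publish the API and agent ports through a load balancer, where the removed `master.service`, `worker.service` and `service` blocks defaulted to `ClusterIP`. I would keep `type: ClusterIP` as the default for those two entries in values.yaml and state `type: LoadBalancer` for them in this file next to the dashboard entry, so that exposure stays an explicit per-environment choice.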
@@ -649,29 +591,190 @@ dashboard: ## ## host: "{{ .Values.global.domain }}" + ## + ## + port: 5601 ports: - containerPort: 5601 name: dashboard volumes: [ ] volumeMounts: [ ] - env: [ ] + env: + - name: OPENSEARCH_JAVA_OPTS + value: '-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true' envFrom: [ ] -## -## -service: + +svcs: ## ## - type: ClusterIP + '{{ include "common.names.fullname" $ }}': + ## + ## + enabled: true + + ## + ## + type: LoadBalancer + + ## + ## + additionalLabels: { } + + ## + ## + annotations: { } + + ## + ## + loadBalancerClass: "" + + ## + ## + clusterIP: ~ + + ## + ## + loadBalancerIP: ~ + + ## + ## + allocateLoadBalancerNodePorts: ~ + + ## + ## + selector: + app: '{{ include "common.names.fullname" $ }}-manager' + node-type: master + + ports: + - name: api + port: 55000 + targetPort: api + protocol: TCP + - name: registration + port: 1515 + targetPort: registration + protocol: TCP + ## ## - additionalLabels: { } + '{{ include "common.names.fullname" $ }}-worker': + ## + ## + enabled: true + + ## + ## + type: LoadBalancer + + ## + ## + additionalLabels: { } + + ## + ## + annotations: { } + + ## + ## + loadBalancerClass: "" + + ## + ## + ports: + - name: agents-events + port: 1514 + targetPort: agents-events + protocol: TCP + + ## + ## + selector: + app: '{{ include "common.names.fullname" $ }}-manager' + node-type: worker + ## ## - annotations: { } + '{{ include "common.names.fullname" $ }}-cluster': + ## + ## + enabled: true + + ## + ## + type: ClusterIP + + ## + ## + additionalLabels: { } + + ## + ## + annotations: { } + + ## + ## + loadBalancerClass: "" + + ## + ## + selector: + app: '{{ include "common.names.fullname" $ }}-manager' + + ## + ## + clusterIP: None + + ## + ## + ports: + - name: cluster + port: 1516 + protocol: TCP + targetPort: cluster + ## ## - loadBalancerClass: "" + '{{ include "common.names.fullname" $ }}-dashboard': + ## + ## + enabled: true + + ## + ## + type: ClusterIP + + ## + ## + additionalLabels: { } + + ## + ## + 
annotations: { } + + ## + ## + loadBalancerClass: "" + + ## + ## + selector: + ## + ## + app: '{{ include "common.names.fullname" $ }}-dashboard' + + ## + ## + clusterIP: ~ + + ## + ## + ports: + - name: dashboard + port: 5601 + protocol: TCP + targetPort: 5601 ## ##