Scaleway implementation for Wazuh Kubernetes
Quick start
Set up the Kubernetes cluster
Go to https://console.scaleway.com/kapsule/clusters and create a cluster with 1 "Development" (DEV1-L) node. Do not install an "ingress" controller.
Connect to the kubernetes cluster
Save the "Kubeconfig" file for your cluster at the path $HOME/.kube/config (config is the name of the file, not a directory), so that the kubectl and helm commands operate on your cluster directly.
export KUBECONFIG=/home/nathan/Downloads/kubeconfig-k8s-wazuh.yaml
Install traefik loadbalancer and certificate manager
The configuration that allows the use of Let's Encrypt:
helm install --namespace kube-system
helm install traefik traefik/traefik
Expose the kubernetes cluster with Traefik
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml
Create 2 domain records in Scaleway
- Name : *.wazuh
- Type : A
- Dynamic : None
- TTL : 3600
- Data : 51.158.56.33 <--- use the address returned by the command: kubectl get svc -n kube-system

- Name : *.wazuh
- Type : A
- Dynamic : None
- TTL : 3600
- Data : 51.158.56.33 <--- use the address returned by the command: kubectl get svc -n kube-system
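The Data value of the records above is read from the output of kubectl get svc -n kube-system. The following is an added example, not part of the original README: it extracts that address from the command's output and fails while the load balancer address is still <pending>, so a record is never created with a placeholder. The service name traefik and the sample output are assumptions.

```shell
#!/bin/sh
# Added example (not from the original README): pick the address for the DNS
# "Data" field out of `kubectl get svc -n kube-system` output.

# Constructed sample output. Only 51.158.56.33 comes from the page; the
# cluster IPs, ports and ages are made up for illustration.
SAMPLE_SVC='NAME      TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                      AGE
coredns   ClusterIP      10.32.0.10     <none>         53/UDP,53/TCP,9153/TCP       12m
traefik   LoadBalancer   10.39.118.41   51.158.56.33   80:31380/TCP,443:30443/TCP   3m'

# Same table a few seconds after installation, before an address is assigned.
SAMPLE_PENDING='NAME      TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
traefik   LoadBalancer   10.39.118.41   <pending>     80:31380/TCP,443:30443/TCP   5s'

# lb_external_ip SERVICE
# Reads a `kubectl get svc` table on stdin and prints the EXTERNAL-IP of
# SERVICE. Returns 1 unless SERVICE is of type LoadBalancer and already has
# a single dotted-quad IPv4 address (so <pending> and <none> are rejected).
lb_external_ip() {
    awk -v svc="$1" '
        NR == 1 {
            # Locate columns by header name instead of a fixed position.
            for (i = 1; i <= NF; i++) col[$i] = i
            next
        }
        $(col["NAME"]) == svc && $(col["TYPE"]) == "LoadBalancer" {
            ip = $(col["EXTERNAL-IP"])
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print ip; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Demonstration on the constructed sample. Against a real cluster, assuming
# the Helm release created a service named "traefik":
#   kubectl get svc -n kube-system | lb_external_ip traefik
printf '%s\n' "$SAMPLE_SVC" | lb_external_ip traefik
```
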
Deploy your configuration
kubectl apply -k envs/kapsule/
Useful commands
- kubectl get pods --namespace wazuh
- kubectl replace -k envs/kapsule
Useful links
Script
export KUBECONFIG=/home/nathan/Downloads/kubeconfig-k8s-wazuh.yaml
helm install traefik traefik/traefik
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml
./wazuh/certs/indexer_cluster/generate_certs.sh
./wazuh/certs/dashboard_http/generate_certs.sh
kubectl get svc -n kube-system
kubectl get svc -n wazuh
Wazuh Kubernetes - Default product documentation
Deploy a Wazuh cluster with a basic indexer and dashboard stack on Kubernetes.
Branches
- master branch contains the latest code, be aware of possible bugs on this branch.
- stable branch corresponds to the last Wazuh stable version.
Documentation
The instructions.md file describes how to deploy Wazuh on Kubernetes.
Directory structure
├── CHANGELOG.md
├── cleanup.md
├── envs
│   ├── eks
│   │   ├── dashboard-resources.yaml
│   │   ├── indexer-resources.yaml
│   │   ├── kustomization.yml
│   │   ├── storage-class.yaml
│   │   ├── wazuh-master-resources.yaml
│   │   └── wazuh-worker-resources.yaml
│   └── local-env
│       ├── indexer-resources.yaml
│       ├── kustomization.yml
│       ├── storage-class.yaml
│       └── wazuh-resources.yaml
├── instructions.md
├── LICENSE
├── local-environment.md
├── README.md
├── upgrade.md
├── VERSION
└── wazuh
    ├── base
    │   ├── storage-class.yaml
    │   └── wazuh-ns.yaml
    ├── certs
    │   ├── dashboard_http
    │   │   └── generate_certs.sh
    │   └── indexer_cluster
    │       └── generate_certs.sh
    ├── indexer_stack
    │   ├── wazuh-dashboard
    │   │   ├── dashboard_conf
    │   │   │   └── opensearch_dashboards.yml
    │   │   ├── dashboard-deploy.yaml
    │   │   └── dashboard-svc.yaml
    │   └── wazuh-indexer
    │       ├── cluster
    │       │   ├── indexer-api-svc.yaml
    │       │   └── indexer-sts.yaml
    │       ├── indexer_conf
    │       │   ├── internal_users.yml
    │       │   └── opensearch.yml
    │       └── indexer-svc.yaml
    ├── kustomization.yml
    ├── secrets
    │   ├── dashboard-cred-secret.yaml
    │   ├── indexer-cred-secret.yaml
    │   ├── wazuh-api-cred-secret.yaml
    │   ├── wazuh-authd-pass-secret.yaml
    │   └── wazuh-cluster-key-secret.yaml
    └── wazuh_managers
        ├── wazuh-cluster-svc.yaml
        ├── wazuh_conf
        │   ├── master.conf
        │   └── worker.conf
        ├── wazuh-master-sts.yaml
        ├── wazuh-master-svc.yaml
        ├── wazuh-workers-svc.yaml
        └── wazuh-worker-sts.yaml
Local development
To deploy a cluster on your local environment (like Minikube, Kind or Microk8s) read the instructions on local-environment.md.
Contribute
If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users mailing list or the Wazuh Slack community channel to ask questions and participate in discussions.
Credits and Thank you
Based on the previous work from JPLachance coveo/wazuh-kubernetes (2018/11/22).
License and copyright
WAZUH Copyright (C) 2016, Wazuh Inc. (License GPLv2)