Wazuh Kubernetes

Deploy a Wazuh cluster with a basic indexer and dashboard stack on Kubernetes.

Branches

• master branch contains the latest code, be aware of possible bugs on this branch.
• stable branch on correspond to the last Wazuh stable version.

Documentation

Amazon EKS development

To deploy a cluster on Amazon EKS cluster read the instructions on instructions.md. Note: For Kubernetes version 1.23 or higher, the assignment of an IAM Role is necessary for the CSI driver to function correctly. Within the AWS documentation you can find the instructions for the assignment: https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html The installation of the CSI driver is mandatory for new and old deployments if you are going to use Kubernetes 1.23 for the first time or you need to upgrade the cluster.

Local development

To deploy a cluster on your local environment (like Minikube, Kind or Microk8s) read the instructions on local-environment.md.

Directory structure

├── CHANGELOG.md
├── cleanup.md
├── envs
│   ├── eks
│   │   ├── dashboard-resources.yaml
│   │   ├── indexer-resources.yaml
│   │   ├── kustomization.yml
│   │   ├── storage-class.yaml
│   │   ├── wazuh-master-resources.yaml
│   │   └── wazuh-worker-resources.yaml
│   └── local-env
│       ├── indexer-resources.yaml
│       ├── kustomization.yml
│       ├── storage-class.yaml
│       └── wazuh-resources.yaml
├── instructions.md
├── LICENSE
├── local-environment.md
├── README.md
├── upgrade.md
├── VERSION
└── wazuh
    ├── base
    │   ├── storage-class.yaml
    │   └── wazuh-ns.yaml
    ├── certs
    │   ├── dashboard_http
    │   │   └── generate_certs.sh
    │   └── indexer_cluster
    │       └── generate_certs.sh
    ├── indexer_stack
    │   ├── wazuh-dashboard
    │   │   ├── dashboard_conf
    │   │   │   └── opensearch_dashboards.yml
    │   │   ├── dashboard-deploy.yaml
    │   │   └── dashboard-svc.yaml
    │   └── wazuh-indexer
    │       ├── cluster
    │       │   ├── indexer-api-svc.yaml
    │       │   └── indexer-sts.yaml
    │       ├── indexer_conf
    │       │   ├── internal_users.yml
    │       │   └── opensearch.yml
    │       └── indexer-svc.yaml
    ├── kustomization.yml
    ├── secrets
    │   ├── dashboard-cred-secret.yaml
    │   ├── indexer-cred-secret.yaml
    │   ├── wazuh-api-cred-secret.yaml
    │   ├── wazuh-authd-pass-secret.yaml
    │   └── wazuh-cluster-key-secret.yaml
    └── wazuh_managers
        ├── wazuh-cluster-svc.yaml
        ├── wazuh_conf
        │   ├── master.conf
        │   └── worker.conf
        ├── wazuh-master-sts.yaml
        ├── wazuh-master-svc.yaml
        ├── wazuh-workers-svc.yaml
        └── wazuh-worker-sts.yaml

Contribute

If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users mailing list or the Wazuh Slack community channel to ask questions and participate in discussions.

Credits and Thank you

Based on the previous work from JPLachance coveo/wazuh-kubernetes (2018/11/22).

License and copyright

WAZUH Copyright (C) 2016, Wazuh Inc. (License GPLv2)

References

• Wazuh website