try issue wazuh#318
Facu-hub-code committed Jun 19, 2024
1 parent 9aa04ce commit 1afb112
Showing 8 changed files with 62 additions and 152 deletions.
38 changes: 4 additions & 34 deletions wazuh/certs/indexer_cluster/generate_certs.sh
@@ -1,33 +1,3 @@
#!/bin/bash

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
cd $DIR

echo "Root CA"

openssl genrsa -out root-ca-key.pem 2048

openssl req -days 3650 -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem -subj "/C=US/L=California/O=Company/CN=root-ca"

echo "Admin cert"

echo "create: admin-key-temp.pem"

openssl genrsa -out admin-key-temp.pem 2048

echo "create: admin-key.pem"

openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem

echo "create: admin.csr"

openssl req -days 3650 -new -key admin-key.pem -out admin.csr -subj "/C=US/L=California/O=Company/CN=admin"

echo "create: admin.pem"

openssl x509 -req -days 3650 -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem


echo "* Node cert"

echo "create: node-key-temp.pem"
@@ -40,7 +10,7 @@ openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1

echo "create: node.csr"

openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=indexer"
openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=wazuh-internal-lb"

echo "create: node.pem"

@@ -58,7 +28,7 @@ openssl pkcs8 -inform PEM -outform PEM -in dashboard-key-temp.pem -topk8 -nocryp

echo "create: dashboard.csr"

openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=dashboard"
openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb"

echo "create: dashboard.pem"

@@ -78,8 +48,8 @@ openssl pkcs8 -inform PEM -outform PEM -in filebeat-key-temp.pem -topk8 -nocrypt

echo "create: filebeat.csr"

openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=filebeat"
openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb"

echo "create: filebeat.pem"

openssl x509 -req -days 3650 -in filebeat.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out filebeat.pem
openssl x509 -req -days 3650 -in filebeat.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out filebeat.pem
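Review bot: The new `-subj` values on the node, dashboard and filebeat `openssl req` lines put the load-balancer hostnames only in the CN, and none of the visible commands adds a subjectAltName; most current TLS clients verify the hostname against the SAN rather than the CN, so verification against `wazuh-internal-lb` / `wazuh-external-lb` will likely still fail. Consider `-addext "subjectAltName=DNS:wazuh-internal-lb"` on the request and carrying it through the signing step with `-extfile` (or `-copy_extensions copy` on OpenSSL 3.x), since `openssl x509 -req` does not copy request extensions by default. The dashboard and filebeat certificates now share the subject `CN=wazuh-external-lb`, so anything that authorizes by certificate DN can no longer tell the two apart; please confirm that is intended. The first hunk also appears to remove the shebang, `cd $DIR` and the root CA generation while the remaining steps still sign with `root-ca-key.pem`, so a header comment stating where that long-lived CA key must come from, and from which directory the script is to be run, would help.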
7 changes: 4 additions & 3 deletions wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
@@ -16,7 +16,8 @@ spec:
replicas: 1
selector:
matchLabels:
app: wazuh-dashboard
app: wazuh-dashboard # Puede que alla que sacarlo
lbtype: external / internal
template:
metadata:
labels:
@@ -59,7 +60,7 @@ spec:
name: dashboard
env:
- name: INDEXER_URL
value: 'https://indexer:9200'
value: 'https://wazuh-internal-lb:9200'
- name: INDEXER_USERNAME
valueFrom:
secretKeyRef:
@@ -87,7 +88,7 @@ spec:
- name: SERVER_SSL_KEY
value: /usr/share/wazuh-dashboard/certs/key.pem
- name: WAZUH_API_URL
value: https://wazuh-manager-master-0.wazuh-cluster
value: https://wazuh-external-lb
- name: API_USERNAME
valueFrom:
secretKeyRef:
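Review bot: The added `lbtype: external / internal` under `selector.matchLabels` is a single literal string, not a choice, and it contains spaces and a slash, which Kubernetes label values do not allow, so the manifest should be rejected on apply. Pick one value, e.g. `lbtype: external`, and add the same label to `template.metadata.labels` (cut off by the hunk here), because the selector has to match the pod template; if this is an apps/v1 Deployment the selector is also immutable, so an existing object would need to be recreated. The inline comment `# Puede que alla que sacarlo` would read better in English as a tracked TODO, e.g. `# TODO: may need to remove this label`. Separately, `WAZUH_API_URL` now points at the Service that is also published internet-facing; in-cluster name resolution should keep that traffic internal, but it is worth confirming that the API port on that Service only reaches the manager master.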
30 changes: 0 additions & 30 deletions wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml

This file was deleted.

32 changes: 32 additions & 0 deletions wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml
@@ -0,0 +1,32 @@
apiVersion: v1
kind: Service
metadata:
name: wazuh-external-lb
namespace: wazuh
annotations:
domainName: 'risesiem.marveladvisors.com'
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'arn:aws:acm:us-west-1:590183765660:certificate/7efcf31c-9ad5-48fa-a162-79dfcdf79484'
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
service.beta.kubernetes.io/aws-load-balancer-name: wazuh-external-lb
spec:
type: LoadBalancer
ports:
- name: manager-worker-agents-events
port: 1514
targetPort: agents-events
- name: manager-cluster
port: 1516
targetPort: cluster-port
- name: manager-master-registration
port: 1515
targetPort: registration
- name: manager-master-api
port: 55000
targetPort: api-port
- name: dashboard
port: 443
targetPort: dashboard-port
selector:
lbtype: external
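Review bot: This Service publishes every listed port on an `internet-facing` NLB with no `loadBalancerSourceRanges`, which puts the manager cluster port 1516 and the API on 55000 on the public internet alongside the agent and dashboard ports. Drop `manager-cluster` from this Service (inter-node traffic belongs on an in-cluster Service) and restrict the rest, e.g. `loadBalancerSourceRanges: ["<ALLOWED_CIDR>"]` under `spec`. With `aws-load-balancer-ssl-cert` set and no `service.beta.kubernetes.io/aws-load-balancer-ssl-ports`, the controller will, as far as I know, apply TLS to every listener, which would also change 1514/1515/1516; `service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"` limits it to the dashboard. The domain name and certificate ARN are environment-specific and would be better supplied through an overlay or values file than hard-coded in the base manifest.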
22 changes: 22 additions & 0 deletions wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml
@@ -0,0 +1,22 @@
apiVersion: v1
kind: Service
metadata:
name: wazuh-internal-lb
namespace: wazuh
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: internal
service.beta.kubernetes.io/aws-load-balancer-scheme: internal
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
service.beta.kubernetes.io/aws-load-balancer-name: wazuh-internal-lb
spec:
type: LoadBalancer
ports:
- name: indexer-rest
port: 9200
targetPort: indexer-rest
- name: indexer-nodes
port: 9300
targetPort: indexer-nodes
selector:
lbtype: internal
app: wazuh-indexer
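Review bot: Port 9300 (`indexer-nodes`) looks like the indexer's node-to-node transport port, and publishing it through a `LoadBalancer` Service makes it reachable from the VPC rather than only from cluster peers; unless something outside the cluster needs it, drop that port here and keep transport on a ClusterIP or headless Service. `service.beta.kubernetes.io/aws-load-balancer-type: internal` also looks like a mix-up: as far as I know the type annotation takes `external` (or the legacy `nlb` / `nlb-ip`), and internal versus internet-facing is selected by the `aws-load-balancer-scheme: internal` line that is already present, so please confirm against the controller version in use. The selector requires `lbtype: internal` on the indexer pods, and no visible change in this commit adds that label to them.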
24 changes: 0 additions & 24 deletions wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml

This file was deleted.

32 changes: 0 additions & 32 deletions wazuh/wazuh_managers/wazuh-master-svc.yaml

This file was deleted.

29 changes: 0 additions & 29 deletions wazuh/wazuh_managers/wazuh-workers-svc.yaml

This file was deleted.
