diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml index 266e30f..9899a22 100644 --- a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml +++ b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml @@ -24,14 +24,18 @@ spec: app: wazuh-indexer name: wazuh-indexer spec: + securityContext: + fsGroup: 1000 # Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it volumes: - name: indexer-certs secret: secretName: indexer-certs + defaultMode: 0600 - name: indexer-conf configMap: name: indexer-conf + defaultMode: 0600 initContainers: - name: volume-mount-hack image: busybox 
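Review bot: Both added `defaultMode: 0600` values are unquoted leading-zero literals, which the Kubernetes YAML 1.1 loader reads as octal (384, the intended 0600) but a YAML 1.2 or JSON consumer reads as decimal 600 (octal 1130), so the same manifest can yield different file modes depending on which tool parses it. Writing `defaultMode: 384  # 0600` removes the ambiguity and is the portable form the Kubernetes documentation recommends. Note also that with `fsGroup: 1000` in the pod securityContext the kubelet is expected to re-group these projected files to gid 1000 and add group-read, so the effective mode is likely 0640 rather than the 0600 written here; a comment such as `# secret files become root:1000 0640 once fsGroup is applied` would stop a reader assuming 0600 is enforced. Whether the busybox `volume-mount-hack` init container is still needed now that fsGroup handles ownership cannot be told from this hunk, since its command lies outside it.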
@@ -84,37 +88,39 @@ spec: - name: DISABLE_INSTALL_DEMO_CONFIG value: 'true' securityContext: + runAsUser: 1000 + runAsGroup: 1000 capabilities: add: ["SYS_CHROOT"] volumeMounts: - name: wazuh-indexer mountPath: /var/lib/wazuh-indexer - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/node-key.pem + mountPath: /usr/share/wazuh-indexer/config/certs/node-key.pem subPath: node-key.pem readOnly: true - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/node.pem + mountPath: /usr/share/wazuh-indexer/config/certs/node.pem subPath: node.pem readOnly: true - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem + mountPath: /usr/share/wazuh-indexer/config/certs/root-ca.pem subPath: root-ca.pem readOnly: true - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/admin.pem + mountPath: /usr/share/wazuh-indexer/config/certs/admin.pem subPath: admin.pem readOnly: true - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem + mountPath: /usr/share/wazuh-indexer/config/certs/admin-key.pem subPath: admin-key.pem readOnly: true - name: indexer-conf - mountPath: /usr/share/wazuh-indexer/opensearch.yml + mountPath: /usr/share/wazuh-indexer/config/opensearch.yml subPath: opensearch.yml readOnly: true - name: indexer-conf - mountPath: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml + mountPath: /usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml subPath: internal_users.yml readOnly: true ports: diff --git a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml index 1a708a5..a11dba7 100644 --- a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml +++ b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml 
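Review bot: The container securityContext now pins `runAsUser: 1000` / `runAsGroup: 1000` but still leaves the non-root intent advisory, because `runAsNonRoot` is absent and `allowPrivilegeEscalation` stays at its default. Adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` beside the two new lines makes the kubelet reject a root process rather than merely preferring uid 1000. The retained `capabilities.add: ["SYS_CHROOT"]` is probably inert once the process is no longer uid 0 (added capabilities do not reach the effective set of an unprivileged user without file capabilities), so if the image's entrypoint no longer chroots it can be dropped in favour of `drop: ["ALL"]`; confirm against the entrypoint, which is outside this hunk. The seven `mountPath` rewrites under `/usr/share/wazuh-indexer/config/` must stay in step with the `*_filepath` values changed in `opensearch.yml` in the same commit, and a one-line comment on the first `indexer-certs` mount naming that dependency would help the next person who moves them.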
@@ -8,12 +8,12 @@ cluster.initial_master_nodes: node.max_local_storage_nodes: "3" path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem -plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem -plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem -plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem -plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem +plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem +plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem +plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem +plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false
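Review bot: The six rewritten `*_filepath` values are only correct while they match the `subPath` mountPaths in `cluster/indexer-sts.yaml`, and nothing in this file records that coupling; a comment above the block, `# Paths must match the indexer-certs volumeMounts in cluster/indexer-sts.yaml`, would make the lockstep requirement visible. The unchanged `enforce_hostname_verification: false` and `resolve_hostname: false` lines sit directly beneath the new transport paths and are the first thing a reader checking these TLS settings will see; they are outside the scope of this change, but a short comment stating why transport hostname verification is disabled for this cluster would be worth adding alongside the path update.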