mirror of
https://github.com/wazuh/wazuh-kubernetes.git
synced 2025-12-10 16:46:36 -06:00
Add new config path and new permission for conf ans certs files
This commit is contained in:
vcerenu
parent
b6a1d99519
commit
4e9ffe5755
@ -24,14 +24,18 @@ spec:
|
|||||||
app: wazuh-indexer
|
app: wazuh-indexer
|
||||||
name: wazuh-indexer
|
name: wazuh-indexer
|
||||||
spec:
|
spec:
|
||||||
|
securityContext:
|
||||||
|
fsGroup: 1000
|
||||||
# Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it
|
# Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it
|
||||||
volumes:
|
volumes:
|
||||||
- name: indexer-certs
|
- name: indexer-certs
|
||||||
secret:
|
secret:
|
||||||
secretName: indexer-certs
|
secretName: indexer-certs
|
||||||
|
defaultMode: 0600
|
||||||
- name: indexer-conf
|
- name: indexer-conf
|
||||||
configMap:
|
configMap:
|
||||||
name: indexer-conf
|
name: indexer-conf
|
||||||
|
defaultMode: 0600
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: volume-mount-hack
|
- name: volume-mount-hack
|
||||||
image: busybox
|
image: busybox
|
||||||
@ -84,37 +88,39 @@ spec:
|
|||||||
- name: DISABLE_INSTALL_DEMO_CONFIG
|
- name: DISABLE_INSTALL_DEMO_CONFIG
|
||||||
value: 'true'
|
value: 'true'
|
||||||
securityContext:
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
capabilities:
|
capabilities:
|
||||||
add: ["SYS_CHROOT"]
|
add: ["SYS_CHROOT"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: wazuh-indexer
|
- name: wazuh-indexer
|
||||||
mountPath: /var/lib/wazuh-indexer
|
mountPath: /var/lib/wazuh-indexer
|
||||||
- name: indexer-certs
|
- name: indexer-certs
|
||||||
mountPath: /usr/share/wazuh-indexer/certs/node-key.pem
|
mountPath: /usr/share/wazuh-indexer/config/certs/node-key.pem
|
||||||
subPath: node-key.pem
|
subPath: node-key.pem
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: indexer-certs
|
- name: indexer-certs
|
||||||
mountPath: /usr/share/wazuh-indexer/certs/node.pem
|
mountPath: /usr/share/wazuh-indexer/config/certs/node.pem
|
||||||
subPath: node.pem
|
subPath: node.pem
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: indexer-certs
|
- name: indexer-certs
|
||||||
mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem
|
mountPath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
|
||||||
subPath: root-ca.pem
|
subPath: root-ca.pem
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: indexer-certs
|
- name: indexer-certs
|
||||||
mountPath: /usr/share/wazuh-indexer/certs/admin.pem
|
mountPath: /usr/share/wazuh-indexer/config/certs/admin.pem
|
||||||
subPath: admin.pem
|
subPath: admin.pem
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: indexer-certs
|
- name: indexer-certs
|
||||||
mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem
|
mountPath: /usr/share/wazuh-indexer/config/certs/admin-key.pem
|
||||||
subPath: admin-key.pem
|
subPath: admin-key.pem
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: indexer-conf
|
- name: indexer-conf
|
||||||
mountPath: /usr/share/wazuh-indexer/opensearch.yml
|
mountPath: /usr/share/wazuh-indexer/config/opensearch.yml
|
||||||
subPath: opensearch.yml
|
subPath: opensearch.yml
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: indexer-conf
|
- name: indexer-conf
|
||||||
mountPath: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
mountPath: /usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
|
||||||
subPath: internal_users.yml
|
subPath: internal_users.yml
|
||||||
readOnly: true
|
readOnly: true
|
||||||
ports:
|
ports:
|
||||||
|
|||||||
@ -8,12 +8,12 @@ cluster.initial_master_nodes:
|
|||||||
node.max_local_storage_nodes: "3"
|
node.max_local_storage_nodes: "3"
|
||||||
path.data: /var/lib/wazuh-indexer
|
path.data: /var/lib/wazuh-indexer
|
||||||
path.logs: /var/log/wazuh-indexer
|
path.logs: /var/log/wazuh-indexer
|
||||||
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
|
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem
|
||||||
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
|
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem
|
||||||
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
|
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
|
||||||
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
|
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem
|
||||||
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
|
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem
|
||||||
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
|
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
|
||||||
plugins.security.ssl.http.enabled: true
|
plugins.security.ssl.http.enabled: true
|
||||||
plugins.security.ssl.transport.enforce_hostname_verification: false
|
plugins.security.ssl.transport.enforce_hostname_verification: false
|
||||||
plugins.security.ssl.transport.resolve_hostname: false
|
plugins.security.ssl.transport.resolve_hostname: false
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user