wazuh/wazuh-kubernetes
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-kubernetes.git synced 2025-12-10 00:38:21 -06:00
Code Issues Packages Projects Releases 100 Wiki Activity

Add new config path and new permission for conf ans certs files

Browse Source
This commit is contained in:
vcerenu 2025-08-05 15:24:47 -03:00
parent b6a1d99519
commit 4e9ffe5755
No known key found for this signature in database
GPG Key ID: 4D7B159107F1244A
2 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
View File

@ -24,14 +24,18 @@ spec:
app: wazuh-indexer
name: wazuh-indexer
spec:
securityContext:
fsGroup: 1000
# Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it
volumes:
- name: indexer-certs
secret:
secretName: indexer-certs
defaultMode: 0600
- name: indexer-conf
configMap:
name: indexer-conf
defaultMode: 0600
initContainers:
- name: volume-mount-hack
image: busybox
@ -84,37 +88,39 @@ spec:
- name: DISABLE_INSTALL_DEMO_CONFIG
value: 'true'
securityContext:
runAsUser: 1000
runAsGroup: 1000
capabilities:
add: ["SYS_CHROOT"]
volumeMounts:
- name: wazuh-indexer
mountPath: /var/lib/wazuh-indexer
- name: indexer-certs
mountPath: /usr/share/wazuh-indexer/certs/node-key.pem
mountPath: /usr/share/wazuh-indexer/config/certs/node-key.pem
subPath: node-key.pem
readOnly: true
- name: indexer-certs
mountPath: /usr/share/wazuh-indexer/certs/node.pem
mountPath: /usr/share/wazuh-indexer/config/certs/node.pem
subPath: node.pem
readOnly: true
- name: indexer-certs
mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem
mountPath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
subPath: root-ca.pem
readOnly: true
- name: indexer-certs
mountPath: /usr/share/wazuh-indexer/certs/admin.pem
mountPath: /usr/share/wazuh-indexer/config/certs/admin.pem
subPath: admin.pem
readOnly: true
- name: indexer-certs
mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem
mountPath: /usr/share/wazuh-indexer/config/certs/admin-key.pem
subPath: admin-key.pem
readOnly: true
- name: indexer-conf
mountPath: /usr/share/wazuh-indexer/opensearch.yml
mountPath: /usr/share/wazuh-indexer/config/opensearch.yml
subPath: opensearch.yml
readOnly: true
- name: indexer-conf
mountPath: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml
mountPath: /usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
subPath: internal_users.yml
readOnly: true
ports:

12
wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
View File

@ -8,12 +8,12 @@ cluster.initial_master_nodes:
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false