Nginx and SSL improvements (#18)

elastic_stack/kibana/nginx-deploy.yaml

@@ -36,6 +36,10 @@ spec:
           env:
             - name: NGINX_PORT
               value: '443'
+            - name: NGINX_NAME
+              value: 'user_changeMe'
+            - name: NGINX_PWD
+              value: 'password_changeMe'
           ports:
             - containerPort: 80
             - containerPort: 443

elastic_stack/kibana/nginx-svc.yaml

@@ -16,19 +16,15 @@ metadata:
     app: wazuh-nginx
     # dns: route53
   annotations:
-    # domainName: 'wazuh.some-domain.com'  # TODO: Change this for a Hosted Zone you configured in AWS Route 53
-    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
-    # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'put_your_aws_acm_certificate_arn_here'
+    # domainName: 'changeme'
+    # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'changeme'
     service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '443'
-    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
 spec:
   type: LoadBalancer
   selector:
     app: wazuh-nginx
   ports:
-    - name: web-http
-      port: 80
-      targetPort: 80
     - name: web-https
       port: 443
       targetPort: 443

wazuh_managers/wazuh-cluster-svc.yaml

@@ -18,7 +18,7 @@ spec:
   selector:
     app: wazuh-manager
   ports:
-    - name: wazuh-clusterd
+    - name: cluster
       port: 1516
       targetPort: 1516
   clusterIP: None

wazuh_managers/wazuh-master-sts.yaml

@@ -52,11 +52,11 @@ spec:
               mountPath: /etc/postfix
           ports:
             - containerPort: 1515
-              name: ossec-authd
+              name: registration
             - containerPort: 1516
-              name: wazuh-clusterd
+              name: cluster
             - containerPort: 55000
-              name: wazuh-api
+              name: api
   volumeClaimTemplates:
     - metadata:
         name: wazuh-manager-master
@@ -67,4 +67,4 @@ spec:
         storageClassName: gp2-encrypted-retained
         resources:
           requests:
-            storage: 10Gi
+            storage: 50Gi

wazuh_managers/wazuh-master-svc.yaml

@@ -16,20 +16,17 @@ metadata:
     app: wazuh-manager
     # dns: route53
   annotations:
-    # domainName: 'wazuh-master.some-domain.com'  # TODO: Change this for a Hosted Zone you configured in AWS Route 53
-    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
-    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-    # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'put_your_aws_acm_certificate_arn_here' # TODO: Change this for the certificate for your Hosted Zone
-    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '55000'
+    # domainName: 'changeme'
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
 spec:
   type: LoadBalancer
   selector:
     app: wazuh-manager
     node-type: master
   ports:
-    - name: ossec-authd
+    - name: registration
       port: 1515
       targetPort: 1515
-    - name: wazuh-api
+    - name: api
       port: 55000
       targetPort: 55000

wazuh_managers/wazuh-worker-0-sts.yaml

@@ -68,7 +68,7 @@ spec:
             - containerPort: 1514
               name: agents-events
             - containerPort: 1516
-              name: wazuh-clusterd
+              name: cluster
   volumeClaimTemplates:
     - metadata:
         name: wazuh-manager-worker

wazuh_managers/wazuh-worker-1-sts.yaml

@@ -68,7 +68,7 @@ spec:
             - containerPort: 1514
               name: agents-events
             - containerPort: 1516
-              name: wazuh-clusterd
+              name: cluster
   volumeClaimTemplates:
     - metadata:
         name: wazuh-manager-worker