wazuh/wazuh-kubernetes
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-kubernetes.git synced 2025-12-10 00:38:21 -06:00
Code Issues Packages Projects Releases 100 Wiki Activity

Merge pull request #896 from wazuh/enhancement/878-workflow-test-k8s

Browse Source 
New PR Checks
This commit is contained in:
Gonzalo Acuña 2024-11-27 15:47:14 -03:00 committed by GitHub
commit b9e2a67d4e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 308 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

296
.github/workflows/deployment-test.yml vendored
View File

@ -14,9 +14,13 @@ permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
env:
AWS_REGION: us-west-1
CLUSTER_NAMME: test-eks-deploy${{ github.event.number }}
jobs:
EKS_deployment_test:
runs-on: ubuntu-20.04
runs-on: ubuntu-24.04
steps:
- name: Checkout code
uses: actions/checkout@v4
@ -27,7 +31,7 @@ jobs:
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
aws-region: "${{ secrets.AWS_REGION }}"
aws-region: "${{ env.AWS_REGION }}"
- name: Install eksctl
run: |
@ -40,36 +44,36 @@ jobs:
- name: Deploy eks cluster
run: |
eksctl create cluster && \
--name test-eks-deploy-${{ github.event.number }} && \
--with-oidc && \
--region us-east-1 && \
--nodes-min 6 && \
--nodes-max 6 && \
--managed && \
--spot && \
-t t3a.medium && \
eksctl create cluster \
--name ${{ env.CLUSTER_NAMME }} \
--with-oidc \
--region ${{ env.AWS_REGION }} \
--nodes-min 6 \
--nodes-max 6 \
--managed \
--spot \
-t t3a.medium \
--tags "issue=https://github.com/wazuh/wazuh-kubernetes/pull/${{ github.event.number }},team=devops,termination_date=2030-01-01 21:00:00"
- name: Create sa for ebs-csi-controller
run: |
eksctl create iamserviceaccount && \
--name ebs-csi-controller-sa && \
--region us-east-1 && \
--namespace kube-system && \
--cluster test-eks-deploy-${{ github.event.number }} && \
--role-name AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} && \
--role-only && \
--attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy && \
eksctl create iamserviceaccount \
--name ebs-csi-controller-sa \
--region ${{ env.AWS_REGION }} \
--namespace kube-system \
--cluster ${{ env.CLUSTER_NAMME }} \
--role-name eksctl-EBS-CSI-DriverRole-${{ env.CLUSTER_NAMME }} \
--role-only \
--attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
--approve
- name: Install addon aws-ebs-csi-driver into a eks cluster deployed
run: |
eksctl create addon && \
--name aws-ebs-csi-driver && \
--cluster test-eks-deploy-${{ github.event.number }} && \
--region ${{ secrets.AWS_REGION }} && \
--service-account-role-arn arn:aws:iam::567970947422:role/AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} && \
eksctl create addon \
--name aws-ebs-csi-driver \
--cluster ${{ env.CLUSTER_NAMME }} \
--region ${{ env.AWS_REGION }} \
--service-account-role-arn arn:aws:iam::567970947422:role/eksctl-EBS-CSI-DriverRole-${{ env.CLUSTER_NAMME }} \
--force
- name: Create Wazuh indexer certificates
@ -81,20 +85,150 @@ jobs:
- name: Deploy Wazuh stack
run: kubectl apply -k envs/eks/
- name: Wait 10 minutes for Wazuh stack startup
run: sleep 10m
- name: View stack status
run: kubectl get all -n wazuh -o wide
- name: View Wazuh dashboard logs
run: kubectl logs $(kubectl get pods -n wazuh | grep wazuh-dashboard | awk '{print $1;}') -n wazuh
- name: View Wazuh indexer 0 logs
run: kubectl logs wazuh-indexer-0 -n wazuh
- name: View Wazuh indexer 1 logs
run: kubectl logs wazuh-indexer-1 -n wazuh
- name: View Wazuh indexer 2 logs
run: kubectl logs wazuh-indexer-2 -n wazuh
- name: View Wazuh manager master logs
run: kubectl logs wazuh-manager-master-0 -n wazuh
- name: View Wazuh manager worker 0 logs
run: kubectl logs wazuh-manager-worker-0 -n wazuh
- name: View Wazuh manager worker 1 logs
run: kubectl logs wazuh-manager-worker-1 -n wazuh
- name: Set Wazuh service URLs
run: |
echo "MANAGER_URL=https://$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):$(kubectl get service wazuh -n wazuh -o jsonpath='{.spec.ports[?(@.port==55000)].port}')" >> $GITHUB_ENV
echo "INDEXER_URL=https://$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):$(kubectl get service indexer -n wazuh -o jsonpath='{.spec.ports[?(@.port==9200)].port}')" >> $GITHUB_ENV
echo "DASHBOARD_URL=https://$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):$(kubectl get service dashboard -n wazuh -o jsonpath='{.spec.ports[?(@.port==443)].port}')" >> $GITHUB_ENV
- name: Check Wazuh indexer start
run: |
status_green="`curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
if [[ $status_green -eq 1 ]]; then
curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s
else
curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s
exit 1
fi
status_index="`curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
status_index_green="`curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`"
if [[ $status_index_green -eq $status_index ]]; then
curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s
else
curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s
exit 1
fi
- name: Check Wazuh indexer nodes
run: |
nodes="`curl -XGET "${{ env.INDEXER_URL }}/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
if [[ $nodes -eq 3 ]]; then
echo "Wazuh indexer nodes: ${nodes}"
else
echo "Wazuh indexer nodes: ${nodes}"
exit 1
fi
- name: Check documents into wazuh-alerts index
run: |
docs="`curl -XGET "${{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
if [[ $docs -gt 0 ]]; then
echo "wazuh-alerts index documents: ${docs}"
else
echo "wazuh-alerts index documents: ${docs}"
exit 1
fi
- name: Check Wazuh templates
run: |
qty_templates="`curl -XGET "${{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
templates="`curl -XGET "${{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
if [[ $qty_templates -gt 3 ]]; then
echo "wazuh templates:"
echo "${templates}"
else
echo "wazuh templates:"
echo "${templates}"
exit 1
fi
- name: Check Wazuh manager start
run: |
services="`curl -k -s -X GET "${{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
if [[ $services -gt 9 ]]; then
echo "Wazuh Manager Services: ${services}"
echo "OK"
else
echo "Wazuh indexer nodes: ${nodes}"
curl -k -X GET "${{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
exit 1
fi
env:
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "${{ env.MANAGER_URL }}/security/user/authenticate?raw=true")
- name: Check Wazuh dashboard service URL
run: |
status=$(curl -XGET --silent ${{ env.DASHBOARD_URL }}/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}')
if [[ $status -eq 200 ]]; then
echo "Wazuh dashboard status: ${status}"
else
echo "Wazuh dashboard status: ${status}"
exit 1
fi
- name: Delete eks cluster
if: always()
run: |
eksctl delete cluster \
--name ${{ env.CLUSTER_NAMME }} \
--region ${{ env.AWS_REGION }}
- name: Delete EBS dynamic volumes
if: always()
run: |
for volume_id in $(aws ec2 describe-volumes \
--region ${{ env.AWS_REGION }} \
--filters Name=tag:KubernetesCluster,Values="${{ env.CLUSTER_NAMME }}" \
--query "Volumes[].VolumeId" \
--output text); do
echo "Eliminando volumen con ID: $volume_id"
aws ec2 delete-volume --region ${{ env.AWS_REGION }} --volume-id $volume_id
done
Local_deployment_test:
runs-on: ubuntu-20.04
runs-on: ubuntu-24.04
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ inputs.BRANCH_VERSION }}
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
- name: free disk space
run: |
sudo swapoff -a
sudo rm -f /swapfile
sudo apt update -y && sudo apt upgrade -y
sudo apt clean
docker rmi $(docker image ls -aq)
df -h
- name: Install Minikube cluster
@ -111,5 +245,113 @@ jobs:
- name: Create Wazuh dashboard certificates
run: wazuh/certs/dashboard_http/generate_certs.sh
- name: Change provisioner for minikube
run: |
sed -i 's/provisioner: microk8s.io\/hostpath/# provisioner: microk8s.io\/hostpath/; s/# provisioner: k8s.io\/minikube-hostpath/provisioner: k8s.io\/minikube-hostpath/' envs/local-env/storage-class.yaml
- name: Deploy Wazuh stack
run: minikube kubectl apply -k envs/local/
run: kubectl apply -k envs/local-env/
- name: Wait 10 minutes for Wazuh stack startup
run: sleep 10m
- name: Start minikube tunnel
run: |
minikube tunnel &> /dev/null &
sleep 30
- name: View stack status
run: kubectl get all -n wazuh -o wide
- name: View Wazuh dashboard logs
run: kubectl logs $(kubectl get pods -n wazuh | grep wazuh-dashboard | awk '{print $1;}') -n wazuh
- name: View Wazuh indexer 0 logs
run: kubectl logs wazuh-indexer-0 -n wazuh
- name: View Wazuh manager master logs
run: kubectl logs wazuh-manager-master-0 -n wazuh
- name: View Wazuh manager worker 0 logs
run: kubectl logs wazuh-manager-worker-0 -n wazuh
- name: Set Wazuh service URLs
run: |
echo "MANAGER_URL=https://$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):$(kubectl get service wazuh -n wazuh -o jsonpath='{.spec.ports[?(@.port==55000)].port}')" >> $GITHUB_ENV
echo "INDEXER_URL=https://$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):$(kubectl get service indexer -n wazuh -o jsonpath='{.spec.ports[?(@.port==9200)].port}')" >> $GITHUB_ENV
echo "DASHBOARD_URL=https://$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):$(kubectl get service dashboard -n wazuh -o jsonpath='{.spec.ports[?(@.port==443)].port}')" >> $GITHUB_ENV
- name: Check Wazuh indexer start
run: |
status_green="`curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
if [[ $status_green -eq 1 ]]; then
curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s
else
curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s
exit 1
fi
status_index="`curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
status_index_green="`curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`"
if [[ $status_index_green -eq $status_index ]]; then
curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s
else
curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s
exit 1
fi
- name: Check Wazuh indexer nodes
run: |
nodes="`curl -XGET "${{ env.INDEXER_URL }}/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
if [[ $nodes -eq 1 ]]; then
echo "Wazuh indexer nodes: ${nodes}"
else
echo "Wazuh indexer nodes: ${nodes}"
exit 1
fi
- name: Check documents into wazuh-alerts index
run: |
docs="`curl -XGET "${{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
if [[ $docs -gt 0 ]]; then
echo "wazuh-alerts index documents: ${docs}"
else
echo "wazuh-alerts index documents: ${docs}"
exit 1
fi
- name: Check Wazuh templates
run: |
qty_templates="`curl -XGET "${{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
templates="`curl -XGET "${{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
if [[ $qty_templates -gt 3 ]]; then
echo "wazuh templates:"
echo "${templates}"
else
echo "wazuh templates:"
echo "${templates}"
exit 1
fi
- name: Check Wazuh manager start
run: |
services="`curl -k -s -X GET "${{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
if [[ $services -gt 9 ]]; then
echo "Wazuh Manager Services: ${services}"
echo "OK"
else
echo "Wazuh indexer nodes: ${nodes}"
curl -k -X GET "${{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
exit 1
fi
env:
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "${{ env.MANAGER_URL }}/security/user/authenticate?raw=true")
- name: Check Wazuh dashboard service URL
run: |
status=$(curl -XGET --silent ${{ env.DASHBOARD_URL }}/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}')
if [[ $status -eq 200 ]]; then
echo "Wazuh dashboard status: ${status}"
else
echo "Wazuh dashboard status: ${status}"
exit 1
fi

42
CHANGELOG.md
View File

@ -6,19 +6,55 @@ All notable changes to this project will be documented in this file.
### Added
- Update to Wazuh version [5.0.0](https://github.com/wazuh/wazuh/blob/v5.0.0/CHANGELOG.md#v500)
- New PR Checks ([#896](https://github.com/wazuh/wazuh-kubernetes/pull/896)) \- (Kubernetes workflow Test)
### Changed
- None
### Fixed
- None
### Deleted
- None
## [4.10.2]
### Added
- Update to Wazuh version [4.10.2](https://github.com/wazuh/wazuh/blob/v4.10.2/CHANGELOG.md#v4101)
- None
### Changed
- None
### Fixed
- None
### Deleted
- None
## [4.10.1]
### Added
- Update to Wazuh version [4.10.1](https://github.com/wazuh/wazuh/blob/v4.10.1/CHANGELOG.md#v4101)
- None
### Changed
- None
### Fixed
- None
### Deleted
- None
## [4.10.0]