From c30ac38ab7432697ae0fa2658d75771da06a69af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 17 Mar 2022 16:11:13 -0300 Subject: [PATCH] Changes related to docker images updates --- .../wazuh-dashboard/dashboard-deploy.yaml | 14 +++++++++----- .../dashboard_conf/opensearch_dashboards.yml | 6 +++--- .../wazuh-indexer/cluster/indexer-sts.yaml | 12 ++++++------ .../wazuh-indexer/indexer_conf/opensearch.yml | 12 ++++++------ wazuh/kustomization.yml | 1 + wazuh/wazuh_managers/wazuh-master-sts.yaml | 2 +- wazuh/wazuh_managers/wazuh-worker-sts.yaml | 2 +- 7 files changed, 27 insertions(+), 22 deletions(-) diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml index 8fecd35..f497a90 100644 --- a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml +++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml @@ -39,17 +39,21 @@ spec: memory: 1Gi volumeMounts: - name: config - mountPath: /usr/share/wazuh-dashboard/opensearch_dashboards.yml + mountPath: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml subPath: opensearch_dashboards.yml readOnly: false - name: dashboard-certs - mountPath: /usr/share/wazuh-dashboard/certs/cert.pem + mountPath: /usr/share/wazuh-dashboard/config/certs/cert.pem readOnly: true subPath: cert.pem - name: dashboard-certs - mountPath: /usr/share/wazuh-dashboard/certs/key.pem + mountPath: /usr/share/wazuh-dashboard/config/certs/key.pem readOnly: true subPath: key.pem + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/config/certs/root-ca.pem + subPath: root-ca.pem + readOnly: true ports: - containerPort: 5601 name: dashboard 
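Review bot: The `dashboard-certs` entries under `volumeMounts`, including the new `root-ca.pem` one, are all `subPath` mounts, and Kubernetes does not refresh a `subPath` mount when the backing Secret changes, so a rotated certificate, key or CA only takes effect after the pod restarts. I would add a comment above the first cert mount, `# subPath mounts are not refreshed on Secret rotation; restart the pod after replacing certs`. The new entry also lists `subPath` before `readOnly`, unlike its two siblings; matching their order keeps the block uniform. The volume definition is outside the hunk, so the file mode applied to `key.pem` cannot be checked from here.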
@@ -69,9 +73,9 @@ spec: - name: SERVER_SSL_ENABLED value: "true" - name: SERVER_SSL_CERTIFICATE - value: /usr/share/wazuh-dashboard/certs/cert.pem + value: /usr/share/wazuh-dashboard/config/certs/cert.pem - name: SERVER_SSL_KEY - value: /usr/share/wazuh-dashboard/certs/key.pem + value: /usr/share/wazuh-dashboard/config/certs/key.pem - name: WAZUH_API_URL value: https://wazuh-manager-master-0.wazuh-cluster - name: API_USERNAME diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml b/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml index 037c26d..3acbd4b 100644 --- a/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml +++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml @@ -8,7 +8,7 @@ opensearch_security.multitenancy.enabled: true opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true -server.ssl.key: "/etc/wazuh-dashboard/certs/key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] +server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/key.pem" +server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/cert.pem" +opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"] uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global \ No newline at end of file diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml index 1ef196d..512a2ad 100644 --- a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml +++ b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml 
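Review bot: `SERVER_SSL_CERTIFICATE` and `SERVER_SSL_KEY` repeat paths that are also written in the `volumeMounts` block of this file and in `dashboard_conf/opensearch_dashboards.yml`, so one relocation has to be made in three places. The old `server.ssl.key` value in that config file (`/etc/wazuh-dashboard/certs/key.pem`) shows the copies had already drifted apart. A comment next to these variables naming the other two locations would help, e.g. `# keep in sync with volumeMounts and dashboard_conf/opensearch_dashboards.yml`.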
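Review bot: `opensearch.ssl.certificateAuthorities` now points at a file that is actually mounted, but the CA is only consulted when `opensearch.ssl.verificationMode` is `certificate` or `full`. That setting is not in the hunk (the first seven lines of the file are outside it), so it is worth confirming it is not set to `none`. Writing it out explicitly, `opensearch.ssl.verificationMode: full` (or `certificate` if the indexer certificate lacks a matching SAN), would put the dashboard-to-indexer check on record next to the CA path.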
@@ -90,27 +90,27 @@ spec: - name: wazuh-indexer mountPath: /usr/share/wazuh-indexer/data - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/node-key.pem + mountPath: /usr/share/wazuh-indexer/config/certs/node-key.pem subPath: node-key.pem readOnly: true - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/node.pem + mountPath: /usr/share/wazuh-indexer/config/certs/node.pem subPath: node.pem readOnly: true - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem + mountPath: /usr/share/wazuh-indexer/config/certs/root-ca.pem subPath: root-ca.pem readOnly: true - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/admin.pem + mountPath: /usr/share/wazuh-indexer/config/certs/admin.pem subPath: admin.pem readOnly: true - name: indexer-certs - mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem + mountPath: /usr/share/wazuh-indexer/config/certs/admin-key.pem subPath: admin-key.pem readOnly: true - name: indexer-conf - mountPath: /usr/share/wazuh-indexer/opensearch.yml + mountPath: /usr/share/wazuh-indexer/config/opensearch.yml subPath: opensearch.yml readOnly: true - name: indexer-conf diff --git a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml index b7d9dec..6792771 100644 --- a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml +++ b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml 
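Review bot: `admin.pem` and `admin-key.pem` are still mounted from `indexer-certs` into the indexer container next to the node certificate, so every replica of this StatefulSet holds the admin client key for its whole lifetime. If that key is needed only when the security configuration is initialised (an assumption; the command is not in the hunk), consider moving it to a separate Secret mounted only where that step runs. At minimum a comment above the two mounts, `# admin client key: used for security-plugin administration, do not reuse this Secret in other workloads`, would record why it is there.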
@@ -8,12 +8,12 @@ cluster.initial_master_nodes: node.max_local_storage_nodes: "3" path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem -plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem -plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem -plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem -plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem +plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem +plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/node.pem +plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/node-key.pem +plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false diff --git a/wazuh/kustomization.yml b/wazuh/kustomization.yml index efecc69..0bc6be6 100644 --- a/wazuh/kustomization.yml +++ b/wazuh/kustomization.yml @@ -27,6 +27,7 @@ secretGenerator: files: - certs/dashboard_http/cert.pem - certs/dashboard_http/key.pem + - certs/indexer_cluster/root-ca.pem configMapGenerator: - name: indexer-conf diff --git a/wazuh/wazuh_managers/wazuh-master-sts.yaml b/wazuh/wazuh_managers/wazuh-master-sts.yaml index 97a4f40..533a2ee 100644 --- a/wazuh/wazuh_managers/wazuh-master-sts.yaml 
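Review bot: `plugins.security.ssl.transport.enforce_hostname_verification: false` and `plugins.security.ssl.transport.resolve_hostname: false` remain in the context lines below the changed paths, so node-to-node TLS still does not check the name in the peer certificate. Since this commit tightens Filebeat to `full`, it would be consistent to set `plugins.security.ssl.transport.enforce_hostname_verification: true` once the node certificates carry the pod DNS names. Otherwise add a comment saying why it is off and that `plugins.security.nodes_dn` (not visible in this hunk) is what limits which certificates are accepted as nodes.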
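Review bot: The added `certs/indexer_cluster/root-ca.pem` goes into the same generated Secret as the dashboard's `cert.pem` and `key.pem` under the generic key `root-ca.pem`, which hides that it is the indexer's CA and not necessarily the issuer of the dashboard certificate. A comment on the new line, `# indexer CA, used by the dashboard to verify the indexer (opensearch.ssl.certificateAuthorities)`, would make that explicit. The generator's `name:` line is above the hunk; I am assuming it is `dashboard-certs`.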
+++ b/wazuh/wazuh_managers/wazuh-master-sts.yaml @@ -122,7 +122,7 @@ spec: name: indexer-cred key: password - name: FILEBEAT_SSL_VERIFICATION_MODE - value: 'none' + value: 'full' - name: SSL_CERTIFICATE_AUTHORITIES value: /etc/ssl/root-ca.pem - name: SSL_CERTIFICATE diff --git a/wazuh/wazuh_managers/wazuh-worker-sts.yaml b/wazuh/wazuh_managers/wazuh-worker-sts.yaml index 0f5b605..f2a4754 100644 --- a/wazuh/wazuh_managers/wazuh-worker-sts.yaml +++ b/wazuh/wazuh_managers/wazuh-worker-sts.yaml @@ -119,7 +119,7 @@ spec: name: indexer-cred key: password - name: FILEBEAT_SSL_VERIFICATION_MODE - value: 'none' + value: 'full' - name: SSL_CERTIFICATE_AUTHORITIES value: /etc/ssl/root-ca.pem - name: SSL_CERTIFICATE
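Review bot: With `FILEBEAT_SSL_VERIFICATION_MODE` now `'full'`, Filebeat also checks the indexer certificate's name against the host it connects to, assuming the image passes this value straight to Filebeat's `ssl.verification_mode`. The indexer node certificate therefore needs a SAN that matches the indexer URL configured elsewhere in this StatefulSet (outside the hunk); if it does not, alert shipping fails outright. I would record that next to the variable, `# 'full' = chain + hostname check; indexer cert SAN must match the indexer URL host`. The same applies to the identical hunk in `wazuh-worker-sts.yaml`.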