Remove Logstash from repository

This commit is contained in:
anonymous 2019-08-21 10:25:11 +02:00
parent d2715a1c1e
commit dae6c2f169
6 changed files with 12 additions and 156 deletions


@ -36,11 +36,7 @@ The *instructions.md* file describes how to deploy Wazuh on Kubernetes.
│ │ │ ├── kibana-svc.yaml
│ │ │ ├── nginx-deploy.yaml
│ │ │ ├── nginx-svc.yaml
│ │
│ │ ├── logstash
│ │ │ ├── logstash-deploy.yaml
│ │ │ ├── logstash-svc.yaml
| |
│ ├── wazuh_managers
│ │ ├── wazuh-cluster-svc.yaml
│ │ ├── wazuh-master-conf.yaml
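Review bot: the line immediately after the removed logstash entries uses ASCII `| |` while every other connector in this tree block is the box-drawing `│ │`; normalizing that one line to `│ │` would keep the README tree consistent now that the surrounding entries are gone.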


@ -15,7 +15,6 @@ ubuntu@k8s-control-server:~$ kubectl get pods --namespace wazuh
NAME READY STATUS RESTARTS AGE
wazuh-elasticsearch-0 1/1 Running 0 6d
wazuh-kibana-78cb4bbb7-xf4s8 1/1 Running 0 6d
wazuh-logstash-646689f76f-lcf8b 1/1 Running 0 6d
wazuh-manager-master-0 1/1 Running 0 6d
wazuh-manager-worker-0-0 1/1 Running 0 6d
wazuh-manager-worker-1-0 1/1 Running 0 6d
@ -46,7 +45,6 @@ ubuntu@k8s-control-server:~$ kubectl get services --namespace wazuh
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
elasticsearch ClusterIP 172.20.247.17 <none> 9200/TCP 6d
kibana ClusterIP 172.20.121.19 <none> 5601/TCP 6d
logstash ClusterIP 172.20.160.68 <none> 5000/TCP 6d
wazuh LoadBalancer 172.20.240.162 internal-ae32... 1515:30732/TCP,55000:30839/TCP 6d
wazuh-cluster ClusterIP None <none> 1516/TCP 6d
wazuh-elasticsearch ClusterIP None <none> 9300/TCP 6d
@ -180,7 +178,6 @@ ubuntu@k8s-control-server:~$ kubectl get pods --namespace wazuh
NAME READY STATUS RESTARTS AGE
wazuh-elasticsearch-0 1/1 Running 0 6d
wazuh-kibana-78cb4bbb7-xf4s8 1/1 Running 0 6d
wazuh-logstash-646689f76f-lcf8b 1/1 Running 0 6d
wazuh-nginx-57c8c65486-7crh2 1/1 Running 0 6d
```
@ -195,7 +192,6 @@ ubuntu@k8s-control-server:~$ kubectl get services --namespace wazuh
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
elasticsearch ClusterIP 172.20.247.17 <none> 9200/TCP 6d
kibana ClusterIP 172.20.121.19 <none> 5601/TCP 6d
logstash ClusterIP 172.20.160.68 <none> 5000/TCP 6d
wazuh-elasticsearch ClusterIP None <none> 9300/TCP 6d
wazuh-nginx LoadBalancer 172.20.166.239 internal-ac0c... 80:30409/TCP,443:32575/TCP 6d
```
@ -251,55 +247,6 @@ ubuntu@k8s-control-server:~$ kubectl delete persistentvolume pvc-b3226ad3-f7c4-1
#### Do not forget to delete the volumes manually in AWS.
## Logstash
To clean the Logstash installation remove the Logstash deployments and services.
### 1. The first step is to remove the pods corresponding to Logstash.
```
ubuntu@k8s-control-server:~$ kubectl get pods --namespace wazuh
NAME READY STATUS RESTARTS AGE
wazuh-kibana-78cb4bbb7-xf4s8 1/1 Running 0 6d
wazuh-logstash-646689f76f-lcf8b 1/1 Running 0 6d
wazuh-nginx-57c8c65486-7crh2 1/1 Running 0 6d
```
```
ubuntu@k8s-control-server:~$ kubectl delete pod wazuh-logstash-646689f76f-lcf8b --namespace wazuh
```
### 2. Next remove the services related to Logstash.
```
ubuntu@k8s-control-server:~$ kubectl get services --namespace wazuh
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kibana ClusterIP 172.20.121.19 <none> 5601/TCP 6d
logstash ClusterIP 172.20.160.68 <none> 5000/TCP 6d
wazuh-nginx LoadBalancer 172.20.166.239 internal-ac0c... 80:30409/TCP,443:32575/TCP 6d
```
```
ubuntu@k8s-control-server:~$ kubectl delete service logstash --namespace wazuh
```
### 3. Finally eliminate the deployment.
```
ubuntu@k8s-control-server:~$ kubectl get deploy --namespace wazuh
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
wazuh-kibana 1 1 1 1 6d
wazuh-logstash 1 1 1 1 6d
wazuh-nginx 1 1 1 1 6d
```
```
ubuntu@k8s-control-server:~$ kubectl delete deploy wazuh-logstash --namespace wazuh
```
## Kibana and Nginx
To clean the Kibana and Nginx installation remove their deployments and services.


@ -1,40 +0,0 @@
# Copyright (C) 2018 Wazuh Inc.
#
# This program is a free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License (version 2) as published by the FSF - Free Software
# Foundation.
# Logstash Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: wazuh-logstash
namespace: wazuh
spec:
replicas: 1
selector:
matchLabels:
app: wazuh-logstash
template:
metadata:
labels:
app: wazuh-logstash
name: wazuh-logstash
spec:
containers:
- name: wazuh-logstash
image: 'wazuh/wazuh-logstash:3.9.4_6.8.2'
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 1
memory: 1.5Gi
env:
- name: LS_JAVA_OPTS
value: '-Xmx1g -Xms512m'
ports:
- containerPort: 5000


@ -1,23 +0,0 @@
# Copyright (C) 2018 Wazuh Inc.
#
# This program is a free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License (version 2) as published by the FSF - Free Software
# Foundation.
# Logstash Service
apiVersion: v1
kind: Service
metadata:
name: logstash
namespace: wazuh
labels:
app: wazuh-logstash
spec:
selector:
app: wazuh-logstash
ports:
- name: beats
port: 5000
targetPort: 5000


@ -19,7 +19,7 @@ Like a Deployment, a StatefulSet manages Pods that are based on an identical con
It is useful for stateful applications like databases that save the data to a persistent storage. The states of each Wazuh manager as well as Elasticsearch are desirable to maintain, so we declare them using StatefulSet to ensure that they maintain their states in every startup.
Deployments are intended for stateless use and are quite lightweight and seem to be appropriate for Logstash, Kibana and Nginx, where it is not necessary to maintain the states.
Deployments are intended for stateless use and are quite lightweight and seem to be appropriate for Kibana and Nginx, where it is not necessary to maintain the states.
### Pods
@ -29,7 +29,7 @@ This pod contains the master node of the Wazuh cluster. The master node centrali
The management is performed only in this node, so the agent registration service (authd) and the API are placed here.
Details:
- Image: Docker Hub 'wazuh/wazuh:3.9.4_6.8.2'
- Image: Docker Hub 'wazuh/wazuh:3.9.4_7.1.0'
- Controller: StatefulSet
#### Wazuh worker 0 / 1
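Review bot: this hunk changes the documented manager image from 'wazuh/wazuh:3.9.4_6.8.2' to 'wazuh/wazuh:3.9.4_7.1.0', but none of the six changed files in this commit is a manifest for the manager, Elasticsearch, Kibana or Nginx (the only YAML touched is the two deleted Logstash files), so the documentation now names an image tag the repository's own manifests do not set. The bump is also unrelated to the commit subject "Remove Logstash from repository"; either include the corresponding manifest changes here or move the version bump into its own commit.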
@ -37,34 +37,24 @@ Details:
These pods contain a worker node of the Wazuh cluster. They will receive the agent events.
Details:
- Image: Docker Hub 'wazuh/wazuh:3.9.4_6.8.2'
- Image: Docker Hub 'wazuh/wazuh:3.9.4_7.1.0'
- Controller: StatefulSet
#### Elasticsearch
Elasticsearch pod. It receives and stores alerts received from Logstash. No Elasticsearch cluster is supported yet.
Elasticsearch pod. No Elasticsearch cluster is supported yet.
Details:
- Image: wazuh/wazuh-elasticsearch:3.9.4_6.8.2
- Image: wazuh/wazuh-elasticsearch:3.9.4_7.1.0
- Controller: StatefulSet
#### Logstash
Logstash pod. It receives the alerts from each Filebeat located in every Wazuh manager. Then, the alerts are sent to Elasticsearch.
Details:
- image: Docker Hub 'wazuh/logstash:3.9.4_6.8.2'
- Controller: Deployment
#### Kibana
Kibana pod. It lets you visualize your Elasticsearch data, along with other features as the Wazuh app.
Details:
- image: Docker Hub 'wazuh/kibana:3.9.4_6.8.2'
- image: Docker Hub 'wazuh/kibana:3.9.4_7.1.0'
- Controller: Deployment
#### Nginx
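Review bot: deleting the "#### Logstash" paragraph removes the only description of the alert path (Filebeat on each manager to Logstash to Elasticsearch), and the rewritten line "Elasticsearch pod. No Elasticsearch cluster is supported yet." no longer says where Elasticsearch gets its alerts from. State the new path explicitly in the Elasticsearch paragraph, for example that the managers' Filebeat now writes to the Elasticsearch API directly, if that is the intended design. Minor: the "Details" lists mix "Image:" and "image:".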
@ -72,7 +62,7 @@ Details:
The nginx pod acts as a reverse proxy for a safer access to Kibana.
Details:
- image: Docker Hub 'wazuh/nginx:3.9.4_6.8.2'
- image: Docker Hub 'wazuh/nginx:3.9.4_7.1.0'
- Controller: Deployment
@ -83,13 +73,11 @@ Details:
- wazuh-elasticsearch:
- Communication for Elasticsearch nodes.
- elasticsearch:
- Elasticsearch API. Used by Logstash/Kibana to write/read alerts.
- Elasticsearch API. Used by Kibana to write/read alerts.
- wazuh-nginx:
- Nginx proxy to access Kibana: https://wazuh.your-domain.com:443
- kibana:
- Kibana service.
- Logstash:
- Logstash service, each Manager node has a Filebeat pointing to this service.
#### Wazuh
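Review bot: the removed entry stated that "each Manager node has a Filebeat pointing to this service"; with the logstash Service and Deployment deleted, the Filebeat in every manager pod needs a new destination, yet no change to the manager configuration (for example the wazuh-master-conf.yaml listed in the README tree) appears among the six changed files. Confirm that the 3.9.4_7.1.0 manager image ships Filebeat pre-configured for the elasticsearch service on 9200, otherwise alerts stop reaching Elasticsearch after this change with nothing in the manifests to show why.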
@ -164,15 +152,6 @@ $ kubectl apply -f elastic_stack/kibana/kibana-deploy.yaml
$ kubectl apply -f elastic_stack/kibana/nginx-deploy.yaml
```
### Step 3.4: Deploy Logstash
Logstash deployment.
```BASH
$ kubectl apply -f elastic_stack/logstash/logstash-svc.yaml
$ kubectl apply -f elastic_stack/logstash/logstash-deploy.yaml
```
### Step 3.5: Deploy Wazuh
Wazuh cluster deployment.
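Review bot: removing "### Step 3.4: Deploy Logstash" leaves a gap in the numbering, since the next heading is still "### Step 3.5: Deploy Wazuh"; renumber the steps that follow (3.5 becomes 3.4, and so on) so the procedure reads sequentially.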
@ -210,7 +189,6 @@ $ kubectl get services -n wazuh
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
elasticsearch ClusterIP xxx.yy.zzz.24 <none> 9200/TCP 12m
kibana ClusterIP xxx.yy.zzz.76 <none> 5601/TCP 11m
logstash ClusterIP xxx.yy.zzz.41 <none> 5000/TCP 10m
wazuh LoadBalancer xxx.yy.zzz.209 internal-a7a8... 1515:32623/TCP,55000:30283/TCP 9m
wazuh-cluster ClusterIP None <none> 1516/TCP 9m
wazuh-elasticsearch ClusterIP None <none> 9300/TCP 12m
@ -224,7 +202,6 @@ wazuh-workers LoadBalancer xxx.yy.zzz.26 internal-a7f9... 1514:31
$ kubectl get deployments -n wazuh
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
wazuh-kibana 1 1 1 1 11m
wazuh-logstash 1 1 1 1 10m
wazuh-nginx 1 1 1 1 11m
```
@ -247,7 +224,6 @@ $ kubectl get pods -n wazuh
NAME READY STATUS RESTARTS AGE
wazuh-elasticsearch-0 1/1 Running 0 15m
wazuh-kibana-f4d9c7944-httsd 1/1 Running 0 14m
wazuh-logstash-777b7cd47b-7cxfq 1/1 Running 0 13m
wazuh-manager-master-0 1/1 Running 0 12m
wazuh-manager-worker-0-0 1/1 Running 0 11m
wazuh-manager-worker-1-0 1/1 Running 0 11m


@ -27,12 +27,12 @@ Any file that we modify referring to the files previously mentioned, will be cha
To better understand it, we will give an example:
We have our newly created Kubernetes environment following our instructions. In this example, the image of Wazuh used has been `wazuh/wazuh:3.9.4_6.8.2`.
We have our newly created Kubernetes environment following our instructions. In this example, the image of Wazuh used has been `wazuh/wazuh:3.9.4_7.1.0`.
```
containers:
- name: wazuh-manager
image: 'wazuh/wazuh:3.9.4_6.8.2'
image: 'wazuh/wazuh:3.9.4_7.1.0'
```
Let's proceed by creating a set of rules in our `local_rules.xml` file at location `/var/ossec/etc/rules` in our wazuh manager master pod.
@ -187,7 +187,7 @@ And now we're going to upgrade to the next version:
```
containers:
- name: wazuh-manager
image: 'wazuh/wazuh:3.9.4_6.8.2'
image: 'wazuh/wazuh:3.9.4_7.1.0'
```
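Review bot: after this hunk the "upgrade to the next version" snippet shows image: 'wazuh/wazuh:3.9.4_7.1.0', which is the same tag the earlier hunk in this file now gives for the starting environment, so the walkthrough no longer demonstrates a version change at all. Keep the older tag in the starting snippet (or point the upgrade at a newer tag) so the two images differ.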