wazuh/wazuh-kubernetes
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-kubernetes.git synced 2025-12-10 00:38:21 -06:00
Code Issues Packages Projects Releases 100 Wiki Activity
wazuh-kubernetes/wazuh/wazuh_managers/wazuh-master-sts.yaml
wazuhci aefc162abe
feat: bump 4.14.1
2025-11-07 08:48:05 +00:00

160 lines
5.1 KiB
YAML
Raw Blame History

# Copyright (C) 2019, Wazuh Inc.
#
# This program is a free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License (version 2) as published by the FSF - Free Software
# Foundation.
# Wazuh master StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: wazuh-manager-master
namespace: wazuh
spec:
replicas: 1
selector:
matchLabels:
app: wazuh-manager
node-type: master
serviceName: wazuh-cluster
podManagementPolicy: Parallel
template:
metadata:
labels:
app: wazuh-manager
node-type: master
name: wazuh-manager-master
spec:
volumes:
- name: config
configMap:
name: wazuh-conf
- name: filebeat-certs
secret:
secretName: indexer-certs
- name: wazuh-authd-pass
secret:
secretName: wazuh-authd-pass
securityContext:
fsGroup: 101
containers:
- name: wazuh-manager
image: 'wazuh/wazuh-manager:4.14.1-rc2'
resources:
limits:
cpu: 400m
memory: 512Mi
securityContext:
capabilities:
add: ["SYS_CHROOT"]
volumeMounts:
- name: config
mountPath: /wazuh-config-mount/etc/ossec.conf
subPath: master.conf
readOnly: true
- name: filebeat-certs
mountPath: /etc/ssl/root-ca.pem
readOnly: true
subPath: root-ca.pem
- name: filebeat-certs
mountPath: /etc/ssl/filebeat.pem
subPath: filebeat.pem
readOnly: true
- name: filebeat-certs
mountPath: /etc/ssl/filebeat.key
subPath: filebeat-key.pem
readOnly: true
- name: wazuh-authd-pass
mountPath: /wazuh-config-mount/etc/authd.pass
subPath: authd.pass
readOnly: true
- name: wazuh-manager-master
mountPath: /var/ossec/api/configuration
subPath: wazuh/var/ossec/api/configuration
- name: wazuh-manager-master
mountPath: /var/ossec/etc
subPath: wazuh/var/ossec/etc
- name: wazuh-manager-master
mountPath: /var/ossec/logs
subPath: wazuh/var/ossec/logs
- name: wazuh-manager-master
mountPath: /var/ossec/queue
subPath: wazuh/var/ossec/queue
- name: wazuh-manager-master
mountPath: /var/ossec/var/multigroups
subPath: wazuh/var/ossec/var/multigroups
- name: wazuh-manager-master
mountPath: /var/ossec/integrations
subPath: wazuh/var/ossec/integrations
- name: wazuh-manager-master
mountPath: /var/ossec/active-response/bin
subPath: wazuh/var/ossec/active-response/bin
- name: wazuh-manager-master
mountPath: /var/ossec/agentless
subPath: wazuh/var/ossec/agentless
- name: wazuh-manager-master
mountPath: /var/ossec/wodles
subPath: wazuh/var/ossec/wodles
- name: wazuh-manager-master
mountPath: /etc/filebeat
subPath: filebeat/etc/filebeat
- name: wazuh-manager-master
mountPath: /var/lib/filebeat
subPath: filebeat/var/lib/filebeat
ports:
- containerPort: 1515
name: registration
- containerPort: 1516
name: cluster
- containerPort: 55000
name: api
env:
- name: INDEXER_URL
value: 'https://indexer:9200'
- name: INDEXER_USERNAME
valueFrom:
secretKeyRef:
name: indexer-cred
key: username
- name: INDEXER_PASSWORD
valueFrom:
secretKeyRef:
name: indexer-cred
key: password
- name: FILEBEAT_SSL_VERIFICATION_MODE
value: 'full'
- name: SSL_CERTIFICATE_AUTHORITIES
value: /etc/ssl/root-ca.pem
- name: SSL_CERTIFICATE
value: /etc/ssl/filebeat.pem
- name: SSL_KEY
value: /etc/ssl/filebeat.key
- name: API_USERNAME
valueFrom:
secretKeyRef:
name: wazuh-api-cred
key: username
- name: API_PASSWORD
valueFrom:
secretKeyRef:
name: wazuh-api-cred
key: password
- name: WAZUH_CLUSTER_KEY
valueFrom:
secretKeyRef:
name: wazuh-cluster-key
key: key
volumeClaimTemplates:
- metadata:
name: wazuh-manager-master
namespace: wazuh
spec:
accessModes:
- ReadWriteOnce
storageClassName: wazuh-storage
resources:
requests:
storage: 500Mi
Reference in New Issue View Git Blame Copy Permalink