From 1afb1121b795e2bc3f7fb434b0e6216de9865696 Mon Sep 17 00:00:00 2001
From: Facundo Lorenzo
Date: Wed, 19 Jun 2024 18:18:59 -0300
Subject: [PATCH] try issue #318
---
 wazuh/certs/indexer_cluster/generate_certs.sh | 38 ++-----------------
 .../wazuh-dashboard/dashboard-deploy.yaml | 7 ++--
 .../wazuh-dashboard/dashboard-svc.yaml | 30 ---------------
 .../wazuh-dashboard/lb-external.yaml | 32 ++++++++++++++++
 .../wazuh-dashboard/lb-internal.yaml | 22 +++++++++++
 .../cluster/indexer-api-svc.yaml | 24 ------------
 wazuh/wazuh_managers/wazuh-master-svc.yaml | 32 ----------------
 wazuh/wazuh_managers/wazuh-workers-svc.yaml | 29 --------------
 8 files changed, 62 insertions(+), 152 deletions(-)
 delete mode 100644 wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml
 create mode 100644 wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml
 create mode 100644 wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml
 delete mode 100644 wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml
 delete mode 100644 wazuh/wazuh_managers/wazuh-master-svc.yaml
 delete mode 100644 wazuh/wazuh_managers/wazuh-workers-svc.yaml
diff --git a/wazuh/certs/indexer_cluster/generate_certs.sh b/wazuh/certs/indexer_cluster/generate_certs.sh
index ad59c814..5a730151 100755
--- a/wazuh/certs/indexer_cluster/generate_certs.sh
+++ b/wazuh/certs/indexer_cluster/generate_certs.sh
@@ -1,33 +1,3 @@ -#!/bin/bash - -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -cd $DIR - -echo "Root CA" - -openssl genrsa -out root-ca-key.pem 2048 - -openssl req -days 3650 -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem -subj "/C=US/L=California/O=Company/CN=root-ca" - -echo "Admin cert" - -echo "create: admin-key-temp.pem" - -openssl genrsa -out admin-key-temp.pem 2048 - -echo "create: admin-key.pem" - -openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem - -echo "create: admin.csr" - -openssl req -days 3650 -new -key admin-key.pem -out admin.csr -subj "/C=US/L=California/O=Company/CN=admin" - -echo "create: admin.pem" - -openssl x509 -req -days 3650 -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem - - echo "* Node cert" echo "create: node-key-temp.pem" @@ -40,7 +10,7 @@ openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 echo "create: node.csr" -openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=indexer" +openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=wazuh-internal-lb" echo "create: node.pem" @@ -58,7 +28,7 @@ openssl pkcs8 -inform PEM -outform PEM -in dashboard-key-temp.pem -topk8 -nocryp echo "create: dashboard.csr" -openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=dashboard" +openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb" echo "create: dashboard.pem" 
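Review bot: The first hunk deletes the `#!/bin/bash` line, the `cd $DIR` and the whole root-CA/admin-cert section, yet the steps that remain in this file still sign with `-CA root-ca.pem -CAkey root-ca-key.pem` (visible in the filebeat hunk below), so the script now silently depends on a CA key pair already sitting in the caller's current directory and is no longer self-contained or reliably executable (no shebang means whatever shell happens to invoke it, and no `cd` means relative paths resolve from wherever it was called). If reusing an existing CA is the intent, make that explicit and fail closed: `#!/bin/bash`, `cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1`, `[ -s root-ca-key.pem ] && [ -s root-ca.pem ] || { echo "root-ca.pem / root-ca-key.pem not found" >&2; exit 1; }`. The removed admin certificate is presumably what `securityadmin` authenticates with, so dropping its generation needs to be reflected wherever that is run. Note also that the node CSR's CN changes from `indexer` to `wazuh-internal-lb`: these certificates are issued with a CN only and no `subjectAltName`, so a client that verifies the hostname `wazuh-internal-lb` per RFC 6125 may still reject them, and the indexer security plugin's `nodes_dn` list (not in this diff) presumably has to be updated to the new DN.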
@@ -78,8 +48,8 @@ openssl pkcs8 -inform PEM -outform PEM -in filebeat-key-temp.pem -topk8 -nocrypt echo "create: filebeat.csr" -openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=filebeat" +openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb" echo "create: filebeat.pem" -openssl x509 -req -days 3650 -in filebeat.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out filebeat.pem +openssl x509 -req -days 3650 -in filebeat.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out filebeat.pem \ No newline at end of file diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml index b9b60eff..6b39dc1f 100644 --- a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml +++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml @@ -16,7 +16,8 @@ spec: replicas: 1 selector: matchLabels: - app: wazuh-dashboard + app: wazuh-dashboard # Puede que alla que sacarlo + lbtype: external / internal template: metadata: labels: @@ -59,7 +60,7 @@ spec: name: dashboard env: - name: INDEXER_URL - value: 'https://indexer:9200' + value: 'https://wazuh-internal-lb:9200' - name: INDEXER_USERNAME valueFrom: secretKeyRef: @@ -87,7 +88,7 @@ spec: - name: SERVER_SSL_KEY value: /usr/share/wazuh-dashboard/certs/key.pem - name: WAZUH_API_URL - value: https://wazuh-manager-master-0.wazuh-cluster + value: https://wazuh-external-lb - name: API_USERNAME valueFrom: secretKeyRef: diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml b/wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml deleted file mode 100644 index a1670f77..00000000 --- a/wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml +++ /dev/null 
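Review bot: The filebeat CSR now carries exactly the same subject as the dashboard CSR in the preceding hunk, `/C=US/L=California/O=Company/CN=wazuh-external-lb`, so the two signed certificates differ only by serial number; any DN-based role mapping in the indexer security plugin, where Filebeat (index writer) and the dashboard (reader) normally get different privileges, will treat them as one identity, and compromise of either private key yields the other's access. Filebeat is a TLS client of the indexer, not a service behind the external load balancer, so its CN should stay a client identity: `-subj "/C=US/L=California/O=Company/CN=filebeat"`. The trailing newline dropped from the last line is cosmetic but worth restoring.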
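Review bot: `lbtype: external / internal` under `spec.selector.matchLabels` in dashboard-deploy.yaml is not a valid label value (spaces and `/` are not permitted in values, and a selector cannot express alternatives), so the API server will reject this Deployment on apply; a Deployment's `matchLabels` is also immutable once created, so an existing object would have to be recreated. Pick the one load balancer the dashboard belongs to — the new `wazuh-external-lb` Service exposes port 443 → `dashboard-port` and selects on `lbtype: external` — and give the selector a single value that the pod template (outside this hunk) also carries: `lbtype: external`. The comment `# Puede que alla que sacarlo` should be in English, e.g. `# TODO: may be redundant once lbtype is the only selector key`.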
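Review bot: `WAZUH_API_URL` now points the dashboard's API client at `https://wazuh-external-lb`, i.e. the ClusterIP of the internet-facing Service, instead of the master pod's headless name `https://wazuh-manager-master-0.wazuh-cluster`; in-cluster that name resolves to the Service, not to the NLB, so the API is reached through whichever `lbtype: external` pods expose a port named `api-port`, and the same name is also what the dashboard will verify against the manager's TLS certificate if verification is enabled. If the goal is only to stop depending on the pod name, a dedicated ClusterIP Service for the manager API would keep the dashboard's API path off the public entrypoint's selector: `value: https://wazuh-manager-api`. The API port is not part of the value on either side, so it presumably comes from the image's entrypoint — worth confirming that still holds with the new host.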
@@ -1,30 +0,0 @@
-# Copyright (C) 2019, Wazuh Inc.
-#
-# This program is a free software; you can redistribute it
-# and/or modify it under the terms of the GNU General Public
-# License (version 2) as published by the FSF - Free Software
-# Foundation.
-
-# Dashboard service
-
-apiVersion: v1
-kind: Service
-metadata:
- name: dashboard
- namespace: wazuh
- labels:
- app: wazuh-dashboard
- # dns: route53
- annotations:
- domainName: 'risesiem.marveladvisors.com'
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'arn:aws:acm:us-west-1:590183765660:certificate/7efcf31c-9ad5-48fa-a162-79dfcdf79484'
- service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '443'
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
-spec:
- type: LoadBalancer
- selector:
- app: wazuh-dashboard
- ports:
- - name: dashboard
- port: 443
- targetPort: 5601
diff --git a/wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml b/wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml
new file mode 100644
index 00000000..da7f3c11
--- /dev/null
+++ b/wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wazuh-external-lb
+ namespace: wazuh
+ annotations:
+ domainName: 'risesiem.marveladvisors.com'
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'arn:aws:acm:us-west-1:590183765660:certificate/7efcf31c-9ad5-48fa-a162-79dfcdf79484'
+ service.beta.kubernetes.io/aws-load-balancer-type: external
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+ service.beta.kubernetes.io/aws-load-balancer-name: wazuh-external-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - name: manager-worker-agents-events
+ port: 1514
+ targetPort: agents-events
+ - name: manager-cluster
+ port: 1516
+ targetPort: cluster-port
+ - name: manager-master-registration
+ port: 1515
+ targetPort: registration
+ - name: manager-master-api
+ port: 55000
+ targetPort: api-port
+ - name: dashboard
+ port: 443
+ targetPort: dashboard-port
+ selector:
+ lbtype: external
\ No newline at end of file
diff --git a/wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml b/wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml
new file mode 100644
index 00000000..e357ced0
--- /dev/null
+++ b/wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wazuh-internal-lb
+ namespace: wazuh
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: internal
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internal
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+ service.beta.kubernetes.io/aws-load-balancer-name: wazuh-internal-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - name: indexer-rest
+ port: 9200
+ targetPort: indexer-rest
+ - name: indexer-nodes
+ port: 9300
+ targetPort: indexer-nodes
+ selector:
+ lbtype: internal
+ app: wazuh-indexer
\ No newline at end of file
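Review bot: lb-external.yaml publishes the manager cluster-sync port 1516 (`manager-cluster`) and the management API on 55000 (`manager-master-api`) on an `internet-facing` NLB; 1516 is only used between manager nodes and was not exposed by the deleted `wazuh-master-svc`/`wazuh-workers-svc`, and the API becomes reachable from any internet address with nothing but its password in front of it. Remove the `manager-cluster` entry, and either move `manager-master-api` to the internal load balancer or fence the NLB with `spec.loadBalancerSourceRanges` (or the controller's `load-balancer-source-ranges` annotation). The deleted `dashboard` Service paired `aws-load-balancer-ssl-cert` with `aws-load-balancer-ssl-ports: '443'`; here only the certificate annotation survives, and as far as I recall both the in-tree provider and the AWS Load Balancer Controller then apply the ACM certificate to every listener, which would TLS-terminate 1514/1515 and break the agent protocol — restore `service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '443'`. Finally, selecting on `lbtype: external` alone (no `app` key, unlike the internal Service) means any pod in the namespace that picks up that label becomes a backend of the public entrypoint, and the ACM ARN with its account id and the `domainName` are environment-specific values that would be better supplied per deployment than committed here.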
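Review bot: Port 9300 (`indexer-nodes`) in lb-internal.yaml is the indexer's transport port, which the nodes use among themselves for discovery; putting it behind a load balancer gives the dashboard nothing (it uses 9200 via `INDEXER_URL`) and exposes the transport layer to every network the internal NLB is attached to, so drop the `indexer-nodes` entry unless something outside the cluster is meant to join the indexer cluster. The node certificates generated by this commit now carry `CN=wazuh-internal-lb` with no SAN; confirm that the dashboard's TLS verification mode accepts a CN-only certificate for this hostname and that the security plugin's `nodes_dn` (not in this diff) is updated to the new DN, otherwise the indexer nodes will stop recognising each other.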
diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml
deleted file mode 100644
index 7f25f61c..00000000
--- a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright (C) 2019, Wazuh Inc.
-#
-# This program is a free software; you can redistribute it
-# and/or modify it under the terms of the GNU General Public
-# License (version 2) as published by the FSF - Free Software
-# Foundation.
-
-# Indexer service: API
-
-apiVersion: v1
-kind: Service
-metadata:
- name: indexer
- namespace: wazuh
- labels:
- app: wazuh-indexer
-spec:
- type: LoadBalancer
- selector:
- app: wazuh-indexer
- ports:
- - name: indexer-rest
- port: 9200
- targetPort: 9200
diff --git a/wazuh/wazuh_managers/wazuh-master-svc.yaml b/wazuh/wazuh_managers/wazuh-master-svc.yaml
deleted file mode 100644
index 50f19767..00000000
--- a/wazuh/wazuh_managers/wazuh-master-svc.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2019, Wazuh Inc.
-#
-# This program is a free software; you can redistribute it
-# and/or modify it under the terms of the GNU General Public
-# License (version 2) as published by the FSF - Free Software
-# Foundation.
-
-# Wazuh master Service: API and registration (authd)
-
-apiVersion: v1
-kind: Service
-metadata:
- name: wazuh # Don't change, unless you update the Wazuh dashboard app config
- namespace: wazuh
- labels:
- app: wazuh-manager
- # dns: route53
- annotations:
- # domainName: 'changeme'
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
-spec:
- type: LoadBalancer
- selector:
- app: wazuh-manager
- node-type: master
- ports:
- - name: registration
- port: 1515
- targetPort: 1515
- - name: api
- port: 55000
- targetPort: 55000
diff --git a/wazuh/wazuh_managers/wazuh-workers-svc.yaml b/wazuh/wazuh_managers/wazuh-workers-svc.yaml
deleted file mode 100644
index bf30ec46..00000000
--- a/wazuh/wazuh_managers/wazuh-workers-svc.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright (C) 2019, Wazuh Inc.
-#
-# This program is a free software; you can redistribute it
-# and/or modify it under the terms of the GNU General Public
-# License (version 2) as published by the FSF - Free Software
-# Foundation.
-
-# Wazuh workers service: Agent reporting
-
-apiVersion: v1
-kind: Service
-metadata:
- name: wazuh-workers
- namespace: wazuh
- labels:
- app: wazuh-manager
- # dns: route53
- # annotations:
- # domainName: 'wazuh-manager.some-domain.com' # TODO: Change this for a Hosted Zone you configured in AWS Route 53
- # service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
-spec:
- type: LoadBalancer
- selector:
- app: wazuh-manager
- node-type: worker
- ports:
- - name: agents-events
- port: 1514
- targetPort: 1514