Merge pull request #53 from jordanopensource/task/create-wazuh

Create Wazuh chart version 1.0.0
jordanopensource · Jul 30, 2024 · aa54f90 · aa54f90
2 parents fe5707d + dc414ce
commit aa54f90
Show file tree

Hide file tree

Showing 33 changed files with 2,638 additions and 0 deletions.
diff --git a/charts/wazuh/.helmignore b/charts/wazuh/.helmignore
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+templates/deployment.yaml
+templates/NOTES.txt
diff --git a/charts/wazuh/Chart.yaml b/charts/wazuh/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: wazuh
+description: A Helm chart for Wazuh the open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "4.8.1"
diff --git a/charts/wazuh/README.md b/charts/wazuh/README.md
@@ -0,0 +1,138 @@
+# wazuh
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.8.1](https://img.shields.io/badge/AppVersion-4.8.1-informational?style=flat-square)
+
+A Helm chart for Wazuh the open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| dashboard.affinity | object | `{}` |  |
+| dashboard.config.ServerSSL | bool | `true` |  |
+| dashboard.config.dashboardCustomConfig | string | `""` | -------------- The configmap name that includes the dashboard custom config file Must have the key 'opensearch_dashboards.yml' |
+| dashboard.config.secrets.dashboardPassword | string | `"kibanaserver"` |  |
+| dashboard.config.secrets.dashboardUsername | string | `"kibanaserver"` | ----------------- WARN: Those are the default indexer dashboard credentials, do not change unless you changed the passwords and the usernames using the indexerInternalUsersSecretName in the indexer section |
+| dashboard.config.secrets.existingSecretName | string | `""` | ----------------- The secret must have the following keys DASHBOARD_USERNAME, DASHBOARD_PASSWORD |
+| dashboard.image.pullPolicy | string | `"IfNotPresent"` |  |
+| dashboard.image.repository | string | `"wazuh/wazuh-dashboard"` |  |
+| dashboard.image.tag | string | `"4.8.1"` |  |
+| dashboard.imagePullSecrets | list | `[]` |  |
+| dashboard.ingress.annotations | object | `{}` |  |
+| dashboard.ingress.className | string | `"nginx"` |  |
+| dashboard.ingress.enabled | bool | `false` |  |
+| dashboard.ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| dashboard.ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| dashboard.ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| dashboard.ingress.tls | list | `[]` |  |
+| dashboard.livenessProbe.failureThreshold | int | `3` |  |
+| dashboard.livenessProbe.httpGet.path | string | `"/"` |  |
+| dashboard.livenessProbe.httpGet.port | string | `"dashboard"` |  |
+| dashboard.livenessProbe.initialDelaySeconds | int | `60` |  |
+| dashboard.livenessProbe.periodSeconds | int | `10` |  |
+| dashboard.livenessProbe.successThreshold | int | `1` |  |
+| dashboard.livenessProbe.timeoutSeconds | int | `5` |  |
+| dashboard.nodeSelector | object | `{}` |  |
+| dashboard.podAnnotations | object | `{}` |  |
+| dashboard.podLabels | object | `{}` |  |
+| dashboard.podSecurityContext | object | `{}` |  |
+| dashboard.readinessProbe.failureThreshold | int | `3` |  |
+| dashboard.readinessProbe.httpGet.path | string | `"/"` |  |
+| dashboard.readinessProbe.httpGet.port | string | `"dashboard"` |  |
+| dashboard.readinessProbe.initialDelaySeconds | int | `60` |  |
+| dashboard.readinessProbe.periodSeconds | int | `10` |  |
+| dashboard.readinessProbe.successThreshold | int | `1` |  |
+| dashboard.readinessProbe.timeoutSeconds | int | `5` |  |
+| dashboard.replicaCount | int | `1` |  |
+| dashboard.resources | object | `{}` |  |
+| dashboard.securityContext | object | `{}` |  |
+| dashboard.service.port | int | `5601` |  |
+| dashboard.service.type | string | `"ClusterIP"` |  |
+| dashboard.tolerations | list | `[]` |  |
+| dashboard.volumeMounts | list | `[]` |  |
+| dashboard.volumes | list | `[]` |  |
+| fullnameOverride | string | `""` |  |
+| global.indexerUrl | string | `"https://wazuh-indexer:9200"` |  |
+| global.wazuhApiUrl | string | `"https://wazuh-master"` |  |
+| indexer.affinity | object | `{}` |  |
+| indexer.config.indexerCustomConfig | string | `""` |  |
+| indexer.config.indexerInternalUsersSecretName | string | `""` |  |
+| indexer.config.sslEnabled | bool | `true` |  |
+| indexer.image.pullPolicy | string | `"IfNotPresent"` |  |
+| indexer.image.repository | string | `"wazuh/wazuh-indexer"` |  |
+| indexer.image.tag | string | `"4.8.1"` |  |
+| indexer.imagePullSecrets | list | `[]` |  |
+| indexer.nodeSelector | object | `{}` |  |
+| indexer.podAnnotations | object | `{}` |  |
+| indexer.podLabels | object | `{}` |  |
+| indexer.podSecurityContext | object | `{}` |  |
+| indexer.replicaCount | int | `1` |  |
+| indexer.resources | object | `{}` |  |
+| indexer.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` |  |
+| indexer.storage.existingClaim | string | `""` |  |
+| indexer.storage.size | string | `"1Gi"` |  |
+| indexer.storage.storageClassName | string | `""` |  |
+| indexer.tolerations | list | `[]` |  |
+| indexer.volumeMounts | list | `[]` |  |
+| indexer.volumes | list | `[]` |  |
+| manager.config.customManagerConfig | string | `""` |  |
+| manager.config.filebeatSSLVerificationMode | string | `"none"` |  |
+| manager.config.secrets.existingSecretName | string | `""` |  |
+| manager.config.secrets.indexerPassword | string | `"SecretPassword"` |  |
+| manager.config.secrets.indexerUsername | string | `"admin"` | -----------------  WARN: Those are the default indexer credentials for the wazuh-manager, do not change unless you changed the passwords and the usernames using the indexerInternalUsersSecretName in the indexer section |
+| manager.config.secrets.wazuhApiPassword | string | `"Pho8OH1voo6eew@ahVui4Ahghu6leith"` |  |
+| manager.config.secrets.wazuhApiUsername | string | `"wazuh"` | ----------------- |
+| manager.config.secrets.wazuhAuthDPass | string | `"password"` |  |
+| manager.config.secrets.wazuhClusterKey | string | `"123a45bc67def891gh23i45jk67l8mn9"` |  |
+| manager.image.pullPolicy | string | `"IfNotPresent"` |  |
+| manager.image.repository | string | `"wazuh/wazuh-manager"` |  |
+| manager.image.tag | string | `"4.8.1"` |  |
+| manager.imagePullSecrets | list | `[]` |  |
+| manager.master.affinity | object | `{}` |  |
+| manager.master.nodeSelector | object | `{}` |  |
+| manager.master.podAnnotations | object | `{}` |  |
+| manager.master.podLabels | object | `{}` |  |
+| manager.master.podSecurityContext.fsGroup | int | `101` |  |
+| manager.master.resources | object | `{}` |  |
+| manager.master.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` |  |
+| manager.master.storage.existingClaim | string | `""` |  |
+| manager.master.storage.size | string | `"1Gi"` |  |
+| manager.master.storage.storageClassName | string | `""` |  |
+| manager.master.tolerations | list | `[]` |  |
+| manager.master.volumeMounts | list | `[]` |  |
+| manager.master.volumes | list | `[]` |  |
+| manager.service.annotations | object | `{}` |  |
+| manager.service.type | string | `"LoadBalancer"` |  |
+| manager.workers.affinity | object | `{}` |  |
+| manager.workers.nodeSelector | object | `{}` |  |
+| manager.workers.podAnnotations | object | `{}` |  |
+| manager.workers.podLabels | object | `{}` |  |
+| manager.workers.podSecurityContext.fsGroup | int | `101` |  |
+| manager.workers.replicaCount | int | `1` |  |
+| manager.workers.resources | object | `{}` |  |
+| manager.workers.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` |  |
+| manager.workers.storage.existingClaim | string | `""` |  |
+| manager.workers.storage.size | string | `"1Gi"` |  |
+| manager.workers.storage.storageClassName | string | `""` |  |
+| manager.workers.tolerations | list | `[]` |  |
+| manager.workers.volumeMounts | list | `[]` |  |
+| manager.workers.volumes | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.automount | bool | `true` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tls.certManager.caCrtSecretName | string | `"node-tls"` |  |
+| tls.certManager.commonName | string | `"wazuh.example.com"` |  |
+| tls.certManager.dnsNames[0] | string | `"wazuh.example.com"` |  |
+| tls.certManager.dnsNames[1] | string | `"www.wazuh.example.com"` |  |
+| tls.certManager.duration | string | `"2160h"` |  |
+| tls.certManager.enabled | bool | `true` |  |
+| tls.certManager.issuer.kind | string | `"ClusterIssuer"` |  |
+| tls.certManager.issuer.name | string | `"your-issuer"` |  |
+| tls.certManager.renewBefore | string | `"360h"` |  |
+| tls.enabled | bool | `true` |  |
+| tls.secretName | string | `""` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/charts/wazuh/configs/dashboard_conf/opensearch_dashboards.yml b/charts/wazuh/configs/dashboard_conf/opensearch_dashboards.yml
@@ -0,0 +1,13 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh-indexer:9200
+opensearch.ssl.verificationMode: none
+opensearch.requestHeadersWhitelist: [authorization, securitytenant]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: false
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem"
+opensearch.ssl.certificateAuthorities:
+  ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wz-home
diff --git a/charts/wazuh/configs/indexer_conf/internal_users.yml b/charts/wazuh/configs/indexer_conf/internal_users.yml
@@ -0,0 +1,23 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+  reserved: true
+  backend_roles:
+    - "admin"
+  description: "Opensearch administrator used by the manager"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "the kibanaserver user for the dashboard"
diff --git a/charts/wazuh/configs/indexer_conf/opensearch.yml b/charts/wazuh/configs/indexer_conf/opensearch.yml
@@ -0,0 +1,31 @@
+cluster.name: ${CLUSTER_NAME}
+node.name: ${NODE_NAME}
+network.host: ${NETWORK_HOST}
+discovery.seed_hosts: ${DISCOVERY_SERVICE}
+cluster.initial_master_nodes:
+  - ${DISCOVERY_SERVICE}-0
+
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: ${HTTP_SSL_ENABLED}
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+  - CN=admin,O=Company,L=California,C=US
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+  - CN=*.wazuh-indexer,O=Company,L=California,C=US
+plugins.security.restapi.roles_enabled:
+  - "all_access"
+  - "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true