From f1ec59c62185de88bd7d5eea5cea255de9593106 Mon Sep 17 00:00:00 2001 
From: Mohamad Berjawi Date: Wed, 12 Jun 2024 17:56:54 +0300 Subject: [PATCH 01/20] Create wazuh chart --- charts/wazuh/.helmignore | 26 ++ charts/wazuh/Chart.yaml | 24 ++ .../dashboard_conf/opensearch_dashboards.yml | 13 + charts/wazuh/indexer_conf/internal_users.yml | 56 +++ charts/wazuh/indexer_conf/opensearch.yml | 31 ++ charts/wazuh/templates/NOTES.txt | 22 + charts/wazuh/templates/_helpers.tpl | 62 +++ .../templates/dashboard/dasboard-ingress.yaml | 61 +++ .../dashboard/dashboard-configmap.yaml | 8 + .../dashboard/dashboard-deployment.yaml | 122 ++++++ .../templates/dashboard/dashboard-secret.yaml | 10 + .../templates/dashboard/dashboard-svc.yaml | 17 + .../templates/indexer/indexer-api-svc.yaml | 17 + .../templates/indexer/indexer-configmap.yaml | 8 + .../wazuh/templates/indexer/indexer-sts.yaml | 183 ++++++++ .../wazuh/templates/indexer/indexer-svc.yaml | 18 + .../indexer/indexer-users-secret.yaml | 9 + .../templates/manager/wazuh-cluster-svc.yaml | 18 + .../templates/manager/wazuh-configmap.yaml | 8 + .../templates/manager/wazuh-master-sts.yaml | 184 ++++++++ .../templates/manager/wazuh-master-svc .yaml | 26 ++ .../wazuh/templates/manager/wazuh-secret.yaml | 14 + .../templates/manager/wazuh-worker-sts.yaml | 169 ++++++++ .../templates/manager/wazuh-workers-svc .yaml | 22 + charts/wazuh/templates/serviceaccount.yaml | 13 + charts/wazuh/values.yaml | 382 +++++++++++++++++ charts/wazuh/wazuh_conf/master.conf | 401 ++++++++++++++++++ charts/wazuh/wazuh_conf/worker.conf | 401 ++++++++++++++++++ 28 files changed, 2325 insertions(+) create mode 100644 charts/wazuh/.helmignore create mode 100644 charts/wazuh/Chart.yaml create mode 100644 charts/wazuh/dashboard_conf/opensearch_dashboards.yml create mode 100644 charts/wazuh/indexer_conf/internal_users.yml create mode 100644 charts/wazuh/indexer_conf/opensearch.yml create mode 100644 charts/wazuh/templates/NOTES.txt create mode 100644 charts/wazuh/templates/_helpers.tpl create mode 100644 
charts/wazuh/templates/dashboard/dasboard-ingress.yaml create mode 100644 charts/wazuh/templates/dashboard/dashboard-configmap.yaml create mode 100644 charts/wazuh/templates/dashboard/dashboard-deployment.yaml create mode 100644 charts/wazuh/templates/dashboard/dashboard-secret.yaml create mode 100644 charts/wazuh/templates/dashboard/dashboard-svc.yaml create mode 100644 charts/wazuh/templates/indexer/indexer-api-svc.yaml create mode 100644 charts/wazuh/templates/indexer/indexer-configmap.yaml create mode 100644 charts/wazuh/templates/indexer/indexer-sts.yaml create mode 100644 charts/wazuh/templates/indexer/indexer-svc.yaml create mode 100644 charts/wazuh/templates/indexer/indexer-users-secret.yaml create mode 100644 charts/wazuh/templates/manager/wazuh-cluster-svc.yaml create mode 100644 charts/wazuh/templates/manager/wazuh-configmap.yaml create mode 100644 charts/wazuh/templates/manager/wazuh-master-sts.yaml create mode 100644 charts/wazuh/templates/manager/wazuh-master-svc .yaml create mode 100644 charts/wazuh/templates/manager/wazuh-secret.yaml create mode 100644 charts/wazuh/templates/manager/wazuh-worker-sts.yaml create mode 100644 charts/wazuh/templates/manager/wazuh-workers-svc .yaml create mode 100644 charts/wazuh/templates/serviceaccount.yaml create mode 100644 charts/wazuh/values.yaml create mode 100644 charts/wazuh/wazuh_conf/master.conf create mode 100644 charts/wazuh/wazuh_conf/worker.conf diff --git a/charts/wazuh/.helmignore b/charts/wazuh/.helmignore new file mode 100644 index 0000000..f3e4c61 --- /dev/null +++ b/charts/wazuh/.helmignore 
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+templates/deployment.yaml
+templates/NOTES.txt
diff --git a/charts/wazuh/Chart.yaml b/charts/wazuh/Chart.yaml
new file mode 100644
index 0000000..b31c185
--- /dev/null
+++ b/charts/wazuh/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: wazuh
+description: A Helm chart for Wazuh the open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "4.7.4"
diff --git a/charts/wazuh/dashboard_conf/opensearch_dashboards.yml b/charts/wazuh/dashboard_conf/opensearch_dashboards.yml
new file mode 100644
index 0000000..a92dff6
--- /dev/null
+++ b/charts/wazuh/dashboard_conf/opensearch_dashboards.yml
@@ -0,0 +1,13 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: http://wazuh-indexer:9200
+opensearch.ssl.verificationMode: none
+opensearch.requestHeadersWhitelist: [authorization, securitytenant]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: false
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem"
+opensearch.ssl.certificateAuthorities:
+ ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
diff --git a/charts/wazuh/indexer_conf/internal_users.yml b/charts/wazuh/indexer_conf/internal_users.yml
new file mode 100644
index 0000000..d9f05b3
--- /dev/null
+++ b/charts/wazuh/indexer_conf/internal_users.yml
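Review bot: `opensearch.ssl.verificationMode: none` switches off certificate verification toward the indexer even though a CA bundle is configured a few lines below on `opensearch.ssl.certificateAuthorities`, so the root-ca.pem that dashboard-deployment.yaml mounts is never used to authenticate the indexer; `opensearch.ssl.verificationMode: full` (or at least `certificate`) would make that CA meaningful. `opensearch.hosts: http://wazuh-indexer:9200` is plain HTTP to a fixed hostname that does not follow the chart's `{{ include "wazuh.fullname" . }}-indexer-api` Service name, while the Deployment passes `INDEXER_URL` from `.Values.global.indexerUrl`; if the image entrypoint rewrites this setting from that variable, say so in a comment, otherwise the file should be templated from values. A header comment such as `# Shipped defaults; replaced entirely when dashboard.config.dashboardCustomConfig is set` would also make the override path visible to operators.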
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
diff --git a/charts/wazuh/indexer_conf/opensearch.yml b/charts/wazuh/indexer_conf/opensearch.yml
new file mode 100644
index 0000000..b7334bd
--- /dev/null
+++ b/charts/wazuh/indexer_conf/opensearch.yml
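Review bot: The six `hash:` values are the upstream demo bcrypt hashes whose passwords are publicly documented, and indexer-users-secret.yaml turns this file into the Secret that indexer-sts.yaml mounts whenever `indexer.config.indexerInternalUsersSecretName` is unset, so a default install runs the indexer with known credentials. Making that value `required` in indexer-users-secret.yaml, or at least replacing the chart-shipped hashes and adding a header `# DEMO HASHES: regenerate every hash (plugin/tools/hash.sh) before deploying`, would close that gap. Users that nothing visible in this chart references (`kibanaro`, `logstash`, `readall`, `snapshotrestore`) can be dropped entirely, which also shrinks the set of accounts to rotate. Note that `reserved: true` on `admin` and `kibanaserver` means those entries cannot be changed through the security REST API, so rotation has to happen in this file or in the overriding Secret.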
@@ -0,0 +1,31 @@
+cluster.name: ${CLUSTER_NAME}
+node.name: ${NODE_NAME}
+network.host: ${NETWORK_HOST}
+discovery.seed_hosts: ${DISCOVERY_SERVICE}
+cluster.initial_master_nodes:
+ - ${DISCOVERY_SERVICE}-0
+
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: ${HTTP_SSL_ENABLED}
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+ - CN=admin,O=Company,L=California,C=US
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+ - CN=*.wazuh-indexer,O=Company,L=California,C=US
+plugins.security.restapi.roles_enabled:
+ - "all_access"
+ - "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true
diff --git a/charts/wazuh/templates/NOTES.txt b/charts/wazuh/templates/NOTES.txt
new file mode 100644
index 0000000..d16d7d6
--- /dev/null
+++ b/charts/wazuh/templates/NOTES.txt
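Review bot: `plugins.security.nodes_dn` and `plugins.security.authcz.admin_dn` carry fixed subjects (`CN=*.wazuh-indexer,O=Company,L=California,C=US` and `CN=admin,O=Company,L=California,C=US`) while the certificates themselves come from the operator-supplied `indexer.config.indexerCertsSecretName`, so node certificates whose subject differs are rejected as cluster members and an admin certificate with another DN silently has no admin rights. A comment on those two keys — `# Must match the subject DNs of node.pem and admin.pem in indexerCertsSecretName; override via indexerCustomConfig` — or templating them from values would make the coupling explicit. With `plugins.security.ssl.transport.enforce_hostname_verification: false`, any certificate issued by the mounted root-ca.pem whose subject matches the wildcard is accepted as a node, so the same comment should state that root-ca.pem has to be a CA dedicated to this cluster rather than a shared organisational CA.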
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "wazuh.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "wazuh.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "wazuh.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "wazuh.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/charts/wazuh/templates/_helpers.tpl b/charts/wazuh/templates/_helpers.tpl
new file mode 100644
index 0000000..a666724
--- /dev/null
+++ b/charts/wazuh/templates/_helpers.tpl
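Review bot: This file appears to be the untouched `helm create` scaffold and reads `.Values.ingress.enabled`, `.Values.ingress.hosts`, `.Values.service.type` and `.Values.service.port`, none of which the templates in this commit define (they use `.Values.dashboard.ingress.*` and `.Values.dashboard.service.*`), so rendering it fails with a nil-pointer error on `.Values.ingress.enabled` as soon as it is included. Today that is masked only because `.helmignore` lists `templates/NOTES.txt`, which leaves a dead file in the tree. Either delete it together with that `.helmignore` entry, or rewrite it against `.Values.dashboard.ingress` / `.Values.dashboard.service` and the `{{ include "wazuh.fullname" . }}-dashboard` Service name so `helm install` prints a usable dashboard URL.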
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "wazuh.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "wazuh.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "wazuh.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "wazuh.labels" -}}
+helm.sh/chart: {{ include "wazuh.chart" . }}
+{{ include "wazuh.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "wazuh.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "wazuh.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "wazuh.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "wazuh.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/wazuh/templates/dashboard/dasboard-ingress.yaml b/charts/wazuh/templates/dashboard/dasboard-ingress.yaml
new file mode 100644
index 0000000..c0849f5
--- /dev/null
+++ b/charts/wazuh/templates/dashboard/dasboard-ingress.yaml
@@ -0,0 +1,61 @@ +{{- if .Values.dashboard.ingress.enabled -}} +{{- $fullName := include "wazuh.fullname" . -}}-dashboard +{{- $svcPort := .Values.dashboard.service.port -}} +{{- if and .Values.dashboard.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.dashboard.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.dashboard.ingress.annotations "kubernetes.io/ingress.class" .Values.dashboard.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "wazuh.labels" . | nindent 4 }} + {{- with .Values.dashboard.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.dashboard.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.dashboard.ingress.className }} + {{- end }} + {{- if .Values.dashboard.ingress.tls }} + tls: + {{- range .Values.dashboard.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.dashboard.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/wazuh/templates/dashboard/dashboard-configmap.yaml b/charts/wazuh/templates/dashboard/dashboard-configmap.yaml new file mode 100644 index 0000000..4329d98 --- /dev/null +++ b/charts/wazuh/templates/dashboard/dashboard-configmap.yaml @@ -0,0 +1,8 @@ +{{- if not .Values.dashboard.config.dashboardCustomConfig }} +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "wazuh.fullname" . }}-dashboard-config +data: +{{ (.Files.Glob "dashboard_conf/*").AsConfig | indent 2 }} +{{- end }} diff --git a/charts/wazuh/templates/dashboard/dashboard-deployment.yaml b/charts/wazuh/templates/dashboard/dashboard-deployment.yaml new file mode 100644 index 0000000..65954f2 --- /dev/null +++ b/charts/wazuh/templates/dashboard/dashboard-deployment.yaml 
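Review bot: `{{- $fullName := include "wazuh.fullname" . -}}-dashboard` on the second line leaves `-dashboard` outside the template action, so it is emitted as literal text at the top of the rendered manifest (the adjacent `-}}`/`{{-` trims glue it straight onto `apiVersion:`), while `$fullName` itself never receives the suffix. The Ingress is therefore named `{{fullname}}` and its backend targets a Service called `{{fullname}}`, but dashboard-svc.yaml creates `{{fullname}}-dashboard`, so the rule resolves to nothing. Use `{{- $fullName := printf "%s-dashboard" (include "wazuh.fullname" .) -}}` instead.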
@@ -0,0 +1,122 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "wazuh.fullname" . }}-dashboard + labels: + {{- include "wazuh.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.dashboard.replicaCount }} + selector: + matchLabels: + app: {{ include "wazuh.fullname" . }}-dashboard + {{- include "wazuh.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.dashboard.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: {{ include "wazuh.fullname" . }}-dashboard + {{- include "wazuh.labels" . | nindent 8 }} + {{- with .Values.dashboard.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.dashboard.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "wazuh.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.dashboard.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "wazuh.fullname" . }}-dashboard + securityContext: + {{- toYaml .Values.dashboard.securityContext | nindent 12 }} + image: "{{ .Values.dashboard.image.repository }}:{{ .Values.dashboard.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }} + envFrom: + {{- if .Values.dashboard.config.secrets.existingSecretName }} + - secretRef: + name: {{ .Values.dashboard.config.secrets.existingSecretName }} + {{- else }} + - secretRef: + name: {{ include "wazuh.fullname" . }}-dashboard + {{- end }} + {{- if .Values.manager.config.secrets.existingSecretName }} + - secretRef: + name: {{ .Values.manager.config.secrets.existingSecretName }} + {{- else }} + - secretRef: + name: {{ include "wazuh.fullname" . 
}}-manager + {{- end }} + env: + - name: INDEXER_URL + value: {{ .Values.global.indexerUrl | quote }} + - name: WAZUH_API_URL + value: {{ .Values.global.wazuhApiUrl | quote }} + - name: SERVER_SSL_ENABLED + value: {{ .Values.dashboard.config.ServerSSL | quote }} + - name: SERVER_SSL_CERTIFICATE + value: /usr/share/wazuh-dashboard/certs/cert.pem + - name: SERVER_SSL_KEY + value: /usr/share/wazuh-dashboard/certs/key.pem + ports: + - name: dashboard + containerPort: 5601 + protocol: TCP + livenessProbe: + {{- toYaml .Values.dashboard.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.dashboard.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.dashboard.resources | nindent 12 }} + volumeMounts: + - name: config + mountPath: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + subPath: opensearch_dashboards.yml + readOnly: false + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/certs/cert.pem + readOnly: true + subPath: cert.pem + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/certs/key.pem + readOnly: true + subPath: key.pem + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/certs/root-ca.pem + subPath: root-ca.pem + readOnly: true + {{- with .Values.dashboard.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.dashboard.config.dashboardCustomConfig }} + - name: config + configMap: + name: {{ .Values.dashboard.config.dashboardCustomConfig }} + {{- else }} + - name: config + configMap: + name: {{ include "wazuh.fullname" . }}-dashboard-config + {{- end }} + - name: dashboard-certs + secret: + secretName: {{ required "A valid dashboardCertsSecretName is required!" .Values.dashboard.config.dashboardCertsSecretName }} + {{- with .Values.dashboard.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dashboard.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.dashboard.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dashboard.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/wazuh/templates/dashboard/dashboard-secret.yaml b/charts/wazuh/templates/dashboard/dashboard-secret.yaml new file mode 100644 index 0000000..fce5525 --- /dev/null +++ b/charts/wazuh/templates/dashboard/dashboard-secret.yaml @@ -0,0 +1,10 @@ +{{- if not .Values.dashboard.config.secrets.existingSecretName }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "wazuh.fullname" . }}-dashboard +type: Opaque +data: + DASHBOARD_USERNAME: {{ .Values.dashboard.config.secrets.dashboardUsername | b64enc }} + DASHBOARD_PASSWORD: {{ .Values.dashboard.config.secrets.dashboardPassword | b64enc }} +{{- end }} diff --git a/charts/wazuh/templates/dashboard/dashboard-svc.yaml b/charts/wazuh/templates/dashboard/dashboard-svc.yaml new file mode 100644 index 0000000..952358c --- /dev/null +++ b/charts/wazuh/templates/dashboard/dashboard-svc.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "wazuh.fullname" . }}-dashboard + labels: + app: {{ include "wazuh.fullname" . }}-dashboard + {{- include "wazuh.labels" . | nindent 4 }} +spec: + type: {{ .Values.dashboard.service.type }} + ports: + - port: {{ .Values.dashboard.service.port }} + targetPort: 5601 + protocol: TCP + name: dashboard + selector: + app: {{ include "wazuh.fullname" . }}-dashboard + {{- include "wazuh.selectorLabels" . | nindent 4 }} diff --git a/charts/wazuh/templates/indexer/indexer-api-svc.yaml b/charts/wazuh/templates/indexer/indexer-api-svc.yaml new file mode 100644 index 0000000..6179f5e --- /dev/null +++ b/charts/wazuh/templates/indexer/indexer-api-svc.yaml 
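Review bot: The `config` volumeMount for opensearch_dashboards.yml is `readOnly: false` while the three certificate mounts beside it are `readOnly: true`; a ConfigMap-backed file gains nothing from being writable, so `readOnly: true` keeps the mount set consistent. All of these mounts use `subPath`, and subPath projections of ConfigMaps and Secrets are not refreshed by the kubelet when the source object changes, so a rotated `dashboardCertsSecretName` or an edited config only takes effect after a pod restart — worth a comment on the volumeMounts block (`# subPath mounts are not live-updated; restart pods after rotating certs or config`) or a checksum annotation on the pod template. The second `envFrom` entry injects the whole `{{fullname}}-manager` Secret into the dashboard container; if the dashboard only needs the API credentials from it, a `secretKeyRef` per needed key would keep the rest of the manager's secrets out of this pod — confirm which keys the image actually reads.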
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "wazuh.fullname" . }}-indexer-api
+ labels:
+ app: {{ include "wazuh.fullname" . }}-indexer
+ {{- include "wazuh.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 9200
+ targetPort: 9200
+ protocol: TCP
+ name: indexer-api
+ selector:
+ app: {{ include "wazuh.fullname" . }}-indexer
+ {{- include "wazuh.selectorLabels" . | nindent 4 }}
diff --git a/charts/wazuh/templates/indexer/indexer-configmap.yaml b/charts/wazuh/templates/indexer/indexer-configmap.yaml
new file mode 100644
index 0000000..303314d
--- /dev/null
+++ b/charts/wazuh/templates/indexer/indexer-configmap.yaml
@@ -0,0 +1,8 @@
+{{- if not .Values.indexer.config.indexerCustomConfig }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "wazuh.fullname" . }}-indexer-config
+data:
+{{ (.Files.Glob "indexer_conf/opensearch.yml").AsConfig | indent 2 }}
+{{- end }}
diff --git a/charts/wazuh/templates/indexer/indexer-sts.yaml b/charts/wazuh/templates/indexer/indexer-sts.yaml
new file mode 100644
index 0000000..d01ca1f
--- /dev/null
+++ b/charts/wazuh/templates/indexer/indexer-sts.yaml
@@ -0,0 +1,183 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "wazuh.fullname" . }}-indexer + labels: + {{- include "wazuh.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.indexer.replicaCount }} + serviceName: {{ include "wazuh.fullname" . }}-indexer + selector: + matchLabels: + app: {{ include "wazuh.fullname" . }}-indexer + {{- include "wazuh.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.indexer.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: {{ include "wazuh.fullname" . }}-indexer + {{- include "wazuh.labels" . | nindent 8 }} + {{- with .Values.indexer.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.indexer.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "wazuh.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.indexer.podSecurityContext | nindent 8 }} + initContainers: + - name: volume-mount-hack + image: busybox + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 100m + memory: 256Mi + command: + - sh + - '-c' + - 'chown -R 1000:1000 /var/lib/wazuh-indexer' + volumeMounts: + - name: wazuh-indexer + mountPath: /var/lib/wazuh-indexer + - name: increase-the-vm-max-map-count + image: busybox + command: + - sysctl + - -w + - vm.max_map_count=262144 + securityContext: + privileged: true + containers: + - name: {{ include "wazuh.fullname" . }}-indexer + securityContext: + {{- toYaml .Values.indexer.securityContext | nindent 12 }} + image: "{{ .Values.indexer.image.repository }}:{{ .Values.indexer.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.indexer.image.pullPolicy }} + env: + - name: OPENSEARCH_JAVA_OPTS + value: '-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true' + - name: CLUSTER_NAME + value: {{ include "wazuh.fullname" . 
}} + - name: NETWORK_HOST + value: "0.0.0.0" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DISCOVERY_SERVICE + value: {{ include "wazuh.fullname" . }}-indexer + - name: KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: HTTP_SSL_ENABLED + value: {{ .Values.indexer.config.sslEnabled | quote }} + - name: DISABLE_INSTALL_DEMO_CONFIG + value: "true" + ports: + - name: indexer-api + protocol: TCP + containerPort: 9200 + - name: indexer-nodes + containerPort: 9300 + protocol: TCP + resources: + {{- toYaml .Values.indexer.resources | nindent 12 }} + volumeMounts: + - name: wazuh-indexer + mountPath: /var/lib/wazuh-indexer + - name: indexer-conf + mountPath: /usr/share/wazuh-indexer/opensearch.yml + subPath: opensearch.yml + readOnly: true + - name: indexer-users + mountPath: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml + subPath: internal_users.yml + readOnly: true + - name: indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/node-key.pem + subPath: node-key.pem + readOnly: true + - name: indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/node.pem + subPath: node.pem + readOnly: true + - name: indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem + subPath: root-ca.pem + readOnly: true + - name: indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/admin.pem + subPath: admin.pem + readOnly: true + - name: indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem + subPath: admin-key.pem + readOnly: true + {{- with .Values.indexer.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.indexer.config.indexerInternalUsersSecretName }} + - name: indexer-users + secret: + secretName: {{ .Values.indexer.config.indexerInternalUsersSecretName }} + {{- else }} + - name: indexer-users + secret: + secretName: {{ include "wazuh.fullname" . 
}}-indexer-users + {{- end }} + {{- if .Values.indexer.config.indexerCustomConfig }} + - name: indexer-conf + configMap: + name: {{ .Values.indexer.config.indexerCustomConfig }} + {{- else }} + - name: indexer-conf + configMap: + name: {{ include "wazuh.fullname" . }}-indexer-config + {{- end }} + - name: indexer-certs + secret: + secretName: {{ required "A valid indexerCertsSecretName is required!" .Values.indexer.config.indexerCertsSecretName }} + {{- if .Values.indexer.storage.existingClaim }} + - name: wazuh-indexer + persistentVolumeClaim: + claimName: {{ .Values.indexer.storage.existingClaim }} + {{- end }} + {{- with .Values.indexer.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.indexer.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.indexer.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.indexer.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if not .Values.indexer.storage.existingClaim }} + volumeClaimTemplates: + - metadata: + name: wazuh-indexer + spec: + accessModes: [ "ReadWriteOnce" ] + {{- if .Values.indexer.storage.storageClassName }} + storageClassName: {{ .Values.indexer.storage.storageClassName }} + {{- end }} + resources: + requests: + storage: {{ .Values.indexer.storage.size }} + {{- end }} diff --git a/charts/wazuh/templates/indexer/indexer-svc.yaml b/charts/wazuh/templates/indexer/indexer-svc.yaml new file mode 100644 index 0000000..0ae5b50 --- /dev/null +++ b/charts/wazuh/templates/indexer/indexer-svc.yaml 
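Review bot: Both init containers use the untagged `image: busybox`, and `increase-the-vm-max-map-count` runs it with `privileged: true`, so a floating public image executes as a privileged container on every indexer pod start; pin it by tag or digest (e.g. `image: busybox:<tag>@sha256:<digest>`, placeholder) and gate the sysctl step behind a value so clusters that already set vm.max_map_count, or that reject privileged pods via admission policy, can turn it off. `volume-mount-hack` has no `securityContext`, so `chown -R 1000:1000` presumably runs as the image's default root user; setting `fsGroup: 1000` in `indexer.podSecurityContext` usually makes that chown unnecessary. `admin.pem`/`admin-key.pem` — the key pair matched by `plugins.security.authcz.admin_dn` in opensearch.yml — are mounted into every indexer container although they are only needed for the one-off securityadmin run; a dedicated Job or a separate Secret would keep the cluster-admin credential off the data nodes. `OPENSEARCH_JAVA_OPTS` hard-codes `-Xms1g -Xmx1g` independently of `.Values.indexer.resources`; exposing the heap size as a value would avoid OOMKills when memory limits are lowered.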
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "wazuh.fullname" . }}-indexer
+ labels:
+ app: {{ include "wazuh.fullname" . }}-indexer
+ {{- include "wazuh.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - port: 9300
+ targetPort: 9300
+ protocol: TCP
+ name: indexer-nodes
+ selector:
+ app: {{ include "wazuh.fullname" . }}-indexer
+ {{- include "wazuh.selectorLabels" . | nindent 4 }}
diff --git a/charts/wazuh/templates/indexer/indexer-users-secret.yaml b/charts/wazuh/templates/indexer/indexer-users-secret.yaml
new file mode 100644
index 0000000..8f7d529
--- /dev/null
+++ b/charts/wazuh/templates/indexer/indexer-users-secret.yaml
@@ -0,0 +1,9 @@
+{{- if not .Values.indexer.config.indexerInternalUsersSecretName }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "wazuh.fullname" . }}-indexer-users
+type: Opaque
+data:
+{{ (.Files.Glob "indexer_conf/internal_users.yml").AsSecrets | indent 2 }}
+{{- end }}
diff --git a/charts/wazuh/templates/manager/wazuh-cluster-svc.yaml b/charts/wazuh/templates/manager/wazuh-cluster-svc.yaml
new file mode 100644
index 0000000..d852b8c
--- /dev/null
+++ b/charts/wazuh/templates/manager/wazuh-cluster-svc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "wazuh.fullname" . }}-cluster
+ labels:
+ app: {{ include "wazuh.fullname" . }}-manager
+ {{- include "wazuh.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - port: 1516
+ targetPort: 1516
+ protocol: TCP
+ name: cluster
+ selector:
+ app: {{ include "wazuh.fullname" . }}-manager
+ {{- include "wazuh.selectorLabels" . | nindent 4 }}
diff --git a/charts/wazuh/templates/manager/wazuh-configmap.yaml b/charts/wazuh/templates/manager/wazuh-configmap.yaml
new file mode 100644
index 0000000..6d60dd9
--- /dev/null
+++ b/charts/wazuh/templates/manager/wazuh-configmap.yaml
@@ -0,0 +1,8 @@
+{{- if not .Values.manager.config.customManagerConfig }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "wazuh.fullname" . }}-manager-config
+data:
+{{ (.Files.Glob "wazuh_conf/*").AsConfig | indent 2 }}
+{{- end }}
diff --git a/charts/wazuh/templates/manager/wazuh-master-sts.yaml b/charts/wazuh/templates/manager/wazuh-master-sts.yaml
new file mode 100644
index 0000000..75a451e
--- /dev/null
+++ b/charts/wazuh/templates/manager/wazuh-master-sts.yaml
@@ -0,0 +1,184 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "wazuh.fullname" . }}-manager-master + labels: + {{- include "wazuh.labels" . | nindent 4 }} +spec: + replicas: 1 + serviceName: {{ include "wazuh.fullname" . }}-cluster + selector: + matchLabels: + app: {{ include "wazuh.fullname" . }}-manager + node-type: master + {{- include "wazuh.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.manager.master.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: {{ include "wazuh.fullname" . }}-manager + node-type: master + {{- include "wazuh.labels" . | nindent 8 }} + {{- with .Values.manager.master.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.manager.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "wazuh.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.manager.master.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "wazuh.fullname" . }}-manager + securityContext: + {{- toYaml .Values.manager.master.securityContext | nindent 12 }} + image: "{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.manager.image.pullPolicy }} + envFrom: + {{- if .Values.manager.config.secrets.existingSecretName }} + - secretRef: + name: {{ .Values.manager.config.secrets.existingSecretName }} + {{- else }} + - secretRef: + name: {{ include "wazuh.fullname" . 
}}-manager + {{- end }} + env: + - name: INDEXER_URL + value: {{ .Values.global.indexerUrl | quote }} + - name: FILEBEAT_SSL_VERIFICATION_MODE + value: {{ .Values.manager.config.filebeatSSLVerificationMode | quote }} + - name: SSL_CERTIFICATE_AUTHORITIES + value: /etc/ssl/root-ca.pem + - name: SSL_CERTIFICATE + value: /etc/ssl/filebeat.pem + - name: SSL_KEY + value: /etc/ssl/filebeat.key + ports: + - name: registration + containerPort: 1515 + protocol: TCP + - name: cluster + containerPort: 1516 + protocol: TCP + - name: api + containerPort: 55000 + protocol: TCP + resources: + {{- toYaml .Values.manager.master.resources | nindent 12 }} + volumeMounts: + - name: config + mountPath: /wazuh-config-mount/etc/ossec.conf + subPath: master.conf + readOnly: true + - name: wazuh-authd-pass + mountPath: /wazuh-config-mount/etc/authd.pass + subPath: authd.pass + readOnly: true + - name: wazuh-manager-master + mountPath: /var/ossec/api/configuration + subPath: wazuh/var/ossec/api/configuration + - name: wazuh-manager-master + mountPath: /var/ossec/etc + subPath: wazuh/var/ossec/etc + - name: wazuh-manager-master + mountPath: /var/ossec/logs + subPath: wazuh/var/ossec/logs + - name: wazuh-manager-master + mountPath: /var/ossec/queue + subPath: wazuh/var/ossec/queue + - name: wazuh-manager-master + mountPath: /var/ossec/var/multigroups + subPath: wazuh/var/ossec/var/multigroups + - name: wazuh-manager-master + mountPath: /var/ossec/integrations + subPath: wazuh/var/ossec/integrations + - name: wazuh-manager-master + mountPath: /var/ossec/active-response/bin + subPath: wazuh/var/ossec/active-response/bin + - name: wazuh-manager-master + mountPath: /var/ossec/agentless + subPath: wazuh/var/ossec/agentless + - name: wazuh-manager-master + mountPath: /var/ossec/wodles + subPath: wazuh/var/ossec/wodles + - name: wazuh-manager-master + mountPath: /etc/filebeat + subPath: filebeat/etc/filebeat + - name: wazuh-manager-master + mountPath: /var/lib/filebeat + subPath: 
filebeat/var/lib/filebeat + - name: filebeat-certs + mountPath: /etc/ssl/root-ca.pem + readOnly: true + subPath: root-ca.pem + - name: filebeat-certs + mountPath: /etc/ssl/filebeat.pem + subPath: filebeat.pem + readOnly: true + - name: filebeat-certs + mountPath: /etc/ssl/filebeat.key + subPath: filebeat-key.pem + readOnly: true + {{- with .Values.manager.master.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.manager.config.customManagerConfig }} + - name: config + configMap: + name: {{ .Values.manager.config.customManagerConfig }} + {{- else }} + - name: config + configMap: + name: {{ include "wazuh.fullname" . }}-manager-config + {{- end }} + {{- if .Values.manager.config.secrets.existingSecretName }} + - name: wazuh-authd-pass + secret: + secretName: {{ .Values.manager.config.secrets.existingSecretName }} + {{- else }} + - name: wazuh-authd-pass + secret: + secretName: {{ include "wazuh.fullname" . }}-manager + {{- end }} + - name: filebeat-certs + secret: + secretName: {{ .Values.indexer.config.indexerCertsSecretName }} + {{- if .Values.manager.master.storage.existingClaim }} + - name: wazuh-manager-master + persistentVolumeClaim: + claimName: {{ .Values.manager.master.storage.existingClaim }} + {{- end }} + {{- with .Values.manager.master.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.manager.master.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.manager.master.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.manager.master.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- if not .Values.manager.master.storage.existingClaim }} + volumeClaimTemplates: + - metadata: + name: wazuh-manager-master + spec: + accessModes: [ "ReadWriteOnce" ] + {{- if .Values.manager.master.storage.storageClassName }} + storageClassName: {{ .Values.manager.master.storage.storageClassName }} + {{- end }} + resources: + requests: + storage: {{ .Values.manager.master.storage.size }} + {{- end }} diff --git a/charts/wazuh/templates/manager/wazuh-master-svc .yaml b/charts/wazuh/templates/manager/wazuh-master-svc .yaml new file mode 100644 index 0000000..6048c8f --- /dev/null +++ b/charts/wazuh/templates/manager/wazuh-master-svc .yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "wazuh.fullname" . }} + labels: + app: {{ include "wazuh.fullname" . }}-manager + {{- include "wazuh.labels" . | nindent 4 }} + {{- with .Values.manager.master.service.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} +spec: + type: {{ .Values.manager.master.service.type }} + ports: + - port: 1515 + targetPort: 1515 + protocol: TCP + name: registration + - port: 55000 + targetPort: 55000 + protocol: TCP + name: api + selector: + app: {{ include "wazuh.fullname" . }}-manager + node-type: master + {{- include "wazuh.selectorLabels" . | nindent 4 }} diff --git a/charts/wazuh/templates/manager/wazuh-secret.yaml b/charts/wazuh/templates/manager/wazuh-secret.yaml new file mode 100644 index 0000000..221828b --- /dev/null +++ b/charts/wazuh/templates/manager/wazuh-secret.yaml 
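Review bot: The manager container in wazuh-master-sts.yaml defines no `readinessProbe` or `livenessProbe` (wazuh-worker-sts.yaml has the same gap), so the `-cluster` headless Service, the registration/API Service and the workers Service will route agents and API clients to a pod as soon as it starts, before the daemons listen, and a wedged manager is never restarted. The dashboard already takes `livenessProbe`/`readinessProbe` blocks from values.yaml; the StatefulSets should do the same, e.g. a `tcpSocket` probe on the `cluster` port (1516) plus the `api` port (55000) for the master, rendered with `{{- toYaml .Values.manager.master.readinessProbe | nindent 12 }}`. Separately, `ossec.conf`, `authd.pass` and the three `filebeat-certs` files are mounted with `subPath`, which Kubernetes never refreshes in a running pod, so a rotated certificate or edited ConfigMap only takes effect after a manual restart; a `checksum/config: {{ include (print $.Template.BasePath "/manager/wazuh-configmap.yaml") . | sha256sum }}` pod annotation would at least roll the pods on config changes.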
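Review bot: The template file is named `wazuh-master-svc .yaml` with a space before the extension (likewise `wazuh-workers-svc .yaml`); Helm renders it, but the space is easy to mistype in tooling and CI and should be removed. In the same file `annotations:` sits at two-space indent while its body is rendered with `nindent 8`, whereas `labels` uses `nindent 4` and serviceaccount.yaml renders its annotations with `nindent 4`; the result is valid YAML but inconsistent, so `nindent 4` here and in wazuh-workers-svc .yaml would match the rest of the chart. This Service is also the only manager resource named bare `{{ include "wazuh.fullname" . }}` while exposing the API port 55000 with a configurable `type`; a `-master` suffix would make the exposed surface obvious in `kubectl get svc`, though the `global.wazuhApiUrl` default would then need to follow.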
@@ -0,0 +1,14 @@ +{{- if not .Values.manager.config.secrets.existingSecretName }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "wazuh.fullname" . }}-manager +type: Opaque +data: + API_PASSWORD: {{ .Values.manager.config.secrets.wazuhApiPassword | b64enc }} + API_USERNAME: {{ .Values.manager.config.secrets.wazuhApiUsername | b64enc }} + INDEXER_PASSWORD: {{ .Values.manager.config.secrets.indexerPassword | b64enc }} + INDEXER_USERNAME: {{ .Values.manager.config.secrets.indexerUsername | b64enc }} + WAZUH_CLUSTER_KEY: {{ .Values.manager.config.secrets.wazuhClusterKey | b64enc }} + authd.pass: {{ .Values.manager.config.secrets.wazuhAuthDPass | b64enc }} +{{- end }} diff --git a/charts/wazuh/templates/manager/wazuh-worker-sts.yaml b/charts/wazuh/templates/manager/wazuh-worker-sts.yaml new file mode 100644 index 0000000..3971629 --- /dev/null +++ b/charts/wazuh/templates/manager/wazuh-worker-sts.yaml 
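Review bot: Every `data:` entry pipes its value straight into `b64enc`, so an operator who overrides a credential with an empty string, or misspells the values key, gets a Secret with an empty `API_PASSWORD` or `WAZUH_CLUSTER_KEY` instead of an install-time error. Wrap each value in `required`, e.g. `WAZUH_CLUSTER_KEY: {{ required "manager.config.secrets.wazuhClusterKey must be set" .Values.manager.config.secrets.wazuhClusterKey | b64enc }}`, and do the same for the other five keys. That also allows values.yaml to ship empty defaults for these credentials rather than the fixed strings it currently carries.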
@@ -0,0 +1,169 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "wazuh.fullname" . }}-manager-worker + labels: + {{- include "wazuh.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.manager.workers.replicaCount }} + serviceName: {{ include "wazuh.fullname" . }}-cluster + podManagementPolicy: Parallel + selector: + matchLabels: + app: {{ include "wazuh.fullname" . }}-manager + node-type: worker + {{- include "wazuh.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.manager.workers.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: {{ include "wazuh.fullname" . }}-manager + node-type: worker + {{- include "wazuh.labels" . | nindent 8 }} + {{- with .Values.manager.workers.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.manager.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "wazuh.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.manager.workers.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "wazuh.fullname" . }}-manager + securityContext: + {{- toYaml .Values.manager.workers.securityContext | nindent 12 }} + image: "{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.manager.image.pullPolicy }} + envFrom: + {{- if .Values.manager.config.secrets.existingSecretName }} + - secretRef: + name: {{ .Values.manager.config.secrets.existingSecretName }} + {{- else }} + - secretRef: + name: {{ include "wazuh.fullname" . 
}}-manager + {{- end }} + env: + - name: INDEXER_URL + value: {{ .Values.global.indexerUrl | quote }} + - name: FILEBEAT_SSL_VERIFICATION_MODE + value: {{ .Values.manager.config.filebeatSSLVerificationMode | quote }} + - name: SSL_CERTIFICATE_AUTHORITIES + value: /etc/ssl/root-ca.pem + - name: SSL_CERTIFICATE + value: /etc/ssl/filebeat.pem + - name: SSL_KEY + value: /etc/ssl/filebeat.key + ports: + - name: agents-events + containerPort: 1514 + protocol: TCP + - name: cluster + containerPort: 1516 + protocol: TCP + resources: + {{- toYaml .Values.manager.workers.resources | nindent 12 }} + volumeMounts: + - name: config + mountPath: /wazuh-config-mount/etc/ossec.conf + subPath: worker.conf + readOnly: true + - name: wazuh-manager-worker + mountPath: /var/ossec/api/configuration + subPath: wazuh/var/ossec/api/configuration + - name: wazuh-manager-worker + mountPath: /var/ossec/etc + subPath: wazuh/var/ossec/etc + - name: wazuh-manager-worker + mountPath: /var/ossec/logs + subPath: wazuh/var/ossec/logs + - name: wazuh-manager-worker + mountPath: /var/ossec/queue + subPath: wazuh/var/ossec/queue + - name: wazuh-manager-worker + mountPath: /var/ossec/var/multigroups + subPath: wazuh/var/ossec/var/multigroups + - name: wazuh-manager-worker + mountPath: /var/ossec/integrations + subPath: wazuh/var/ossec/integrations + - name: wazuh-manager-worker + mountPath: /var/ossec/active-response/bin + subPath: wazuh/var/ossec/active-response/bin + - name: wazuh-manager-worker + mountPath: /var/ossec/agentless + subPath: wazuh/var/ossec/agentless + - name: wazuh-manager-worker + mountPath: /var/ossec/wodles + subPath: wazuh/var/ossec/wodles + - name: wazuh-manager-worker + mountPath: /etc/filebeat + subPath: filebeat/etc/filebeat + - name: wazuh-manager-worker + mountPath: /var/lib/filebeat + subPath: filebeat/var/lib/filebeat + - name: filebeat-certs + mountPath: /etc/ssl/root-ca.pem + readOnly: true + subPath: root-ca.pem + - name: filebeat-certs + mountPath: /etc/ssl/filebeat.pem 
+ subPath: filebeat.pem + readOnly: true + - name: filebeat-certs + mountPath: /etc/ssl/filebeat.key + subPath: filebeat-key.pem + readOnly: true + {{- with .Values.manager.workers.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.manager.config.customManagerConfig }} + - name: config + configMap: + name: {{ .Values.manager.config.customManagerConfig }} + {{- else }} + - name: config + configMap: + name: {{ include "wazuh.fullname" . }}-manager-config + {{- end }} + - name: filebeat-certs + secret: + secretName: {{ .Values.indexer.config.indexerCertsSecretName }} + {{- if .Values.manager.workers.storage.existingClaim }} + - name: wazuh-manager-worker + persistentVolumeClaim: + claimName: {{ .Values.manager.workers.storage.existingClaim }} + {{- end }} + {{- with .Values.manager.workers.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.manager.workers.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.manager.workers.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.manager.workers.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if not .Values.manager.workers.storage.existingClaim }} + volumeClaimTemplates: + - metadata: + name: wazuh-manager-worker + spec: + accessModes: [ "ReadWriteOnce" ] + {{- if .Values.manager.workers.storage.storageClassName }} + storageClassName: {{ .Values.manager.workers.storage.storageClassName }} + {{- end }} + resources: + requests: + storage: {{ .Values.manager.workers.storage.size }} + {{- end }} diff --git a/charts/wazuh/templates/manager/wazuh-workers-svc .yaml b/charts/wazuh/templates/manager/wazuh-workers-svc .yaml new file mode 100644 index 0000000..63ff3e0 --- /dev/null +++ b/charts/wazuh/templates/manager/wazuh-workers-svc .yaml 
@@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "wazuh.fullname" . }}-workers + labels: + app: {{ include "wazuh.fullname" . }}-manager + {{- include "wazuh.labels" . | nindent 4 }} + {{- with .Values.manager.workers.service.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} +spec: + type: {{ .Values.manager.workers.service.type }} + ports: + - port: 1514 + targetPort: 1514 + protocol: TCP + name: agents-events + selector: + app: {{ include "wazuh.fullname" . }}-manager + node-type: worker + {{- include "wazuh.selectorLabels" . | nindent 4 }} diff --git a/charts/wazuh/templates/serviceaccount.yaml b/charts/wazuh/templates/serviceaccount.yaml new file mode 100644 index 0000000..d39660a --- /dev/null +++ b/charts/wazuh/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "wazuh.serviceAccountName" . }} + labels: + {{- include "wazuh.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml new file mode 100644 index 0000000..07cc19e --- /dev/null +++ b/charts/wazuh/values.yaml 
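Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` defaults to `true` in values.yaml, but nothing in this commit binds a Role or ClusterRole to the ServiceAccount and none of the indexer, manager or dashboard pods visibly calls the Kubernetes API, so every pod receives an API token it has no use for. Default `automount: false`, document in values.yaml that it only needs enabling for sidecars that talk to the API server, and consider setting `automountServiceAccountToken: false` in the pod specs as well so an operator-supplied ServiceAccount does not re-enable it.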
@@ -0,0 +1,382 @@ +# Default values for wazuh. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + indexerUrl: "http://wazuh-indexer:9200" + wazuhApiUrl: "https://wazuh" + +indexer: + image: + repository: wazuh/wazuh-indexer + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "4.7.4" + + config: + sslEnabled: false + # **REQUIRED** + # The Secret name for the indexer certs must have the following keys + # admin-key.pem, admin.pem, dashboard-key.pem, dashboard.pem + # filebeat-key.pem, filebeat.pem, node-key.pem, node.pem, root-ca.pem + indexerCertsSecretName: "indexer-certs" + # The name of the configmap that includes the custom indexer config + # Must have the following key "opensearch.yml" + indexerCustomConfig: "" + # Custom indexer internal_users.yml file secretname + # usernames and passwords hashes are in this file + # Must have the key "internal_users.yml" + # Please read https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#change-the-password-of-wazuh-users + indexerInternalUsersSecretName: "" + + imagePullSecrets: [] + + replicaCount: 1 + + podAnnotations: {} + + podLabels: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: + capabilities: + add: ["SYS_CHROOT"] + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # Additional volumes on the output StatefulSet definition. + volumes: [] + # - name: foo + # secret: + # secretName: mysecret + # optional: false + + # Additional volumeMounts on the output StatefulSet definition. + volumeMounts: [] + # - name: foo + # mountPath: "/etc/foo" + # readOnly: true + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + storage: + storageClassName: "" + size: "1Gi" + existingClaim: "" + +manager: + image: + repository: wazuh/wazuh-manager + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "4.7.4" + + imagePullSecrets: [] + + config: + # possible values 'full' and 'none' + filebeatSSLVerificationMode: "none" + # The name of the configmap that includes the custom manager configurations + # Must have following keys + # 'master.conf', 'worker.conf' + customManagerConfig: "" + + secrets: + # If you provide an existing secret name those values will be ignored + # ------------------- + # + # WARN: Those are the default indexer credentials for the wazuh-ui 'dashboard', + # do not change unless you changed the passwords and the usernames + # using the indexerInternalUsersSecretName in the indexer section + indexerUsername: "admin" + indexerPassword: "SecretPassword" + # ------------------- + wazuhApiUsername: "wazuh" + # Note The password for Wazuh API users must be between 8 and 64 characters long. + # It must contain at least one uppercase and one lowercase letter, a number, and a symbol. 
+ wazuhApiPassword: "Pho8OH1voo6eew@ahVui4Ahghu6leith" + wazuhClusterKey: "123a45bc67def891gh23i45jk67l8mn9" + wazuhAuthDPass: "password" + # The secret must have the following keys + # INDEXER_USERNAME, INDEXER_PASSWORD + # API_USERNAME, API_PASSWORD + # WAZUH_CLUSTER_KEY + # authd.pass + existingSecretName: "" + + master: + service: + type: ClusterIP + annotations: {} + + podSecurityContext: + fsGroup: 101 + # fsGroup: 2000 + + podAnnotations: {} + + podLabels: {} + + securityContext: + capabilities: + add: ["SYS_CHROOT"] + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # Additional volumes on the output deployment definition. + volumes: [] + # - name: foo + # secret: + # secretName: mysecret + # optional: false + + # Additional volumeMounts on the output deployment definition. + volumeMounts: [] + # - name: foo + # mountPath: "/etc/foo" + # readOnly: true + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + storage: + storageClassName: "" + size: "1Gi" + existingClaim: "" + + workers: + replicaCount: 1 + + service: + type: ClusterIP + annotations: {} + + podSecurityContext: + fsGroup: 101 + # fsGroup: 2000 + + podAnnotations: {} + + podLabels: {} + + securityContext: + capabilities: + add: ["SYS_CHROOT"] + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # Additional volumes on the output deployment definition. 
+ volumes: [] + # - name: foo + # secret: + # secretName: mysecret + # optional: false + + # Additional volumeMounts on the output deployment definition. + volumeMounts: [] + # - name: foo + # mountPath: "/etc/foo" + # readOnly: true + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + storage: + storageClassName: "" + size: "1Gi" + existingClaim: "" + +dashboard: + replicaCount: 1 + + image: + repository: wazuh/wazuh-dashboard + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. 
+ tag: "4.7.4" + + config: + ServerSSL: false + # ** REQUIRED ** + # The Secret name for the dashboard certs must have the following keys + # cert.pem, key.pem, root-ca.pem + dashboardCertsSecretName: "dashboard-certs" + # ---------------- + # The configmap name that includes the dashboard custom config file + # Must have the key 'opensearch_dashboards.yml' + dashboardCustomConfig: "" + + secrets: + # If you provide an existing secret name those values will be ignored + # ------------------- + # WARN: Those are the default indexer dashboard credentials, + # do not change unless you changed the passwords and the usernames + # using the indexerInternalUsersSecretName in the indexer section + dashboardUsername: "kibanaserver" + dashboardPassword: "kibanaserver" + # ------------------- + # The secret must have the following keys + # DASHBOARD_USERNAME, DASHBOARD_PASSWORD + existingSecretName: "" + + imagePullSecrets: [] + + podAnnotations: {} + + podLabels: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # Additional volumes on the output deployment definition. + volumes: [] + # - name: foo + # secret: + # secretName: mysecret + # optional: false + + # Additional volumeMounts on the output deployment definition. + volumeMounts: [] + # - name: foo + # mountPath: "/etc/foo" + # readOnly: true + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + livenessProbe: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + httpGet: + path: / + port: dashboard + readinessProbe: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + httpGet: + path: / + port: dashboard + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + service: + type: ClusterIP + port: 443 + + ingress: + enabled: false + className: "" + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" diff --git a/charts/wazuh/wazuh_conf/master.conf b/charts/wazuh/wazuh_conf/master.conf new file mode 100644 index 0000000..d0affc4 --- /dev/null +++ b/charts/wazuh/wazuh_conf/master.conf 
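Review bot: The defaults ship working credentials — `indexerPassword: "SecretPassword"`, `wazuhApiPassword`, `wazuhClusterKey: "123a45bc67def891gh23i45jk67l8mn9"`, `wazuhAuthDPass: "password"`, `dashboardPassword: "kibanaserver"` — so a `helm install` with no overrides produces a manager cluster whose cluster key and agent-enrolment password are public in the chart repository. Leave these empty and let the Secret templates fail with `required`, or generate them on first install with `randAlphaNum` guarded by `lookup` so upgrades keep the existing value. The indexer path is also plaintext by default (`indexer.config.sslEnabled: false`, `indexerUrl: "http://wazuh-indexer:9200"`) and even once TLS is enabled filebeat skips certificate checks (`filebeatSSLVerificationMode: "none"`); `"full"` should be the default whenever `indexerCertsSecretName` is provided, with the comment spelling out what `"none"` disables. Finally `indexerUrl` and `wazuhApiUrl: "https://wazuh"` assume the Service names `wazuh-indexer` and `wazuh`, i.e. a release named `wazuh`; deriving them from `wazuh.fullname` when unset would make the chart installable under other release names.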
@@ -0,0 +1,401 @@ + + + + yes + yes + no + no + no + smtp.example.wazuh.com + ossecm@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 131072 + 20s + 100s + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + /var/ossec/etc/rootcheck/rootkit_files.txt + /var/ossec/etc/rootcheck/rootkit_trojans.txt + + /var/ossec/etc/rootcheck/system_audit_rcl.txt + /var/ossec/etc/rootcheck/system_audit_ssh.txt + + yes + + + + yes + 1800 + 1d + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + no + 5m + 6h + yes + + + + no + trusty + xenial + bionic + focal + jammy + 1h + + + + + no + buster + bullseye + bookworm + 1h + + + + + no + 5 + 6 + 7 + 8 + 9 + 1h + + + + + no + amazon-linux + amazon-linux-2 + amazon-linux-2023 + 1h + + + + + no + 11-server + 11-desktop + 12-server + 12-desktop + 15-server + 15-desktop + 1h + + + + + no + 1h + + + + + yes + 1h + + + + + yes + 2010 + 1h + + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + /sys/kernel/security + /sys/kernel/debug + + + /etc/ssl/private.key + + yes + + + yes + + + yes + + + + + 127.0.0.1 + ^localhost.localdomain$ + 10.66.0.2 + + + + disable-account + disable-account.sh + user + yes + + + + restart-ossec + restart-ossec.sh + + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny.sh + srcip + yes + + + + route-null + route-null.sh + srcip + yes + + + + win_route-null + route-null.cmd + srcip + yes + + + + win_route-null-2012 + route-null-2012.cmd + srcip + yes + + + + 
netsh + netsh.cmd + srcip + yes + + + + netsh-win-2016 + netsh-win-2016.cmd + srcip + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-sources + etc/lists/amazon/aws-eventnames + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + + yes + yes + 1h + 1h + + no + yes + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + /var/ossec/etc/sslmanager.cert + /var/ossec/etc/sslmanager.key + no + + + + wazuh + wazuh-manager-master + master + to_be_replaced_by_cluster_key + 1516 + 0.0.0.0 + + wazuh-manager-master-0.wazuh-cluster.wazuh + + no + no + + + + + + syslog + /var/ossec/logs/active-responses.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/dpkg.log + + diff --git a/charts/wazuh/wazuh_conf/worker.conf b/charts/wazuh/wazuh_conf/worker.conf new file mode 100644 index 0000000..9092b31 --- /dev/null +++ b/charts/wazuh/wazuh_conf/worker.conf 
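Review bot: The cluster node address is hardcoded as `wazuh-manager-master-0.wazuh-cluster.wazuh` (the same line appears in worker.conf, where it matters because workers dial the master), yet the pod is actually `{{ include "wazuh.fullname" . }}-manager-master-0` behind the `{{ include "wazuh.fullname" . }}-cluster` headless Service in `.Release.Namespace`, so any release name other than `wazuh` or any other namespace leaves the workers unable to join. Because wazuh-configmap.yaml builds this file with `.Files.Glob ... AsConfig`, nothing in it is templated; either render the conf through `tpl` with the fullname and namespace substituted, or pass the master address in via an environment variable the image's placeholder replacement can consume, the way `to_be_replaced_by_cluster_key` and worker.conf's `to_be_replaced_by_hostname` presumably are.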
@@ -0,0 +1,401 @@ + + + + yes + yes + no + no + no + smtp.example.wazuh.com + ossecm@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 131072 + 20s + 100s + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + /var/ossec/etc/rootcheck/rootkit_files.txt + /var/ossec/etc/rootcheck/rootkit_trojans.txt + + /var/ossec/etc/rootcheck/system_audit_rcl.txt + /var/ossec/etc/rootcheck/system_audit_ssh.txt + + yes + + + + yes + 1800 + 1d + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + no + 5m + 6h + yes + + + + no + trusty + xenial + bionic + focal + jammy + 1h + + + + + no + buster + bullseye + bookworm + 1h + + + + + no + 5 + 6 + 7 + 8 + 9 + 1h + + + + + no + amazon-linux + amazon-linux-2 + amazon-linux-2023 + 1h + + + + + no + 11-server + 11-desktop + 12-server + 12-desktop + 15-server + 15-desktop + 1h + + + + + no + 1h + + + + + yes + 1h + + + + + yes + 2010 + 1h + + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + /sys/kernel/security + /sys/kernel/debug + + + /etc/ssl/private.key + + yes + + + yes + + + yes + + + + + 127.0.0.1 + ^localhost.localdomain$ + 10.66.0.2 + + + + disable-account + disable-account.sh + user + yes + + + + restart-ossec + restart-ossec.sh + + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny.sh + srcip + yes + + + + route-null + route-null.sh + srcip + yes + + + + win_route-null + route-null.cmd + srcip + yes + + + + win_route-null-2012 + route-null-2012.cmd + srcip + yes + + + + 
netsh + netsh.cmd + srcip + yes + + + + netsh-win-2016 + netsh-win-2016.cmd + srcip + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-sources + etc/lists/amazon/aws-eventnames + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + + yes + yes + 1h + 1h + + no + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + /var/ossec/etc/sslmanager.cert + /var/ossec/etc/sslmanager.key + no + + + + wazuh + to_be_replaced_by_hostname + worker + to_be_replaced_by_cluster_key + 1516 + 0.0.0.0 + + wazuh-manager-master-0.wazuh-cluster.wazuh + + no + no + + + + + + syslog + /var/ossec/logs/active-responses.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/dpkg.log + + From bf449c74866abe068fa00aec023d705d69d42706 Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Wed, 12 Jun 2024 17:59:01 +0300 Subject: [PATCH 02/20] [wazuh] remove default secret names from values --- charts/wazuh/Chart.yaml | 2 +- charts/wazuh/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/wazuh/Chart.yaml b/charts/wazuh/Chart.yaml index b31c185..9892b44 100644 --- a/charts/wazuh/Chart.yaml +++ b/charts/wazuh/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml index 07cc19e..ffa606c 100644 --- a/charts/wazuh/values.yaml +++ b/charts/wazuh/values.yaml @@ -19,7 +19,7 @@ indexer: # The Secret name for the indexer certs must have the following keys # admin-key.pem, admin.pem, dashboard-key.pem, dashboard.pem # filebeat-key.pem, filebeat.pem, node-key.pem, node.pem, root-ca.pem - indexerCertsSecretName: "indexer-certs" + indexerCertsSecretName: "" # The name of the configmap that includes the custom indexer config # Must have the following key "opensearch.yml" indexerCustomConfig: "" @@ -260,7 +260,7 @@ dashboard: # ** REQUIRED ** # The Secret name for the dashboard certs must have the following keys # cert.pem, key.pem, root-ca.pem - dashboardCertsSecretName: "dashboard-certs" + dashboardCertsSecretName: "" # ---------------- # The configmap name that includes the dashboard custom config file # Must have the key 'opensearch_dashboards.yml' From da9a824afc737116cf4a17edd0f92ee9e224c0e7 Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Thu, 13 Jun 2024 15:54:43 +0300 Subject: [PATCH 03/20] [wazuh] change ingress svc name --- charts/wazuh/Chart.yaml | 2 +- charts/wazuh/templates/dashboard/dasboard-ingress.yaml | 8 ++++---- charts/wazuh/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/wazuh/Chart.yaml b/charts/wazuh/Chart.yaml index 9892b44..a910ceb 100644 --- a/charts/wazuh/Chart.yaml +++ b/charts/wazuh/Chart.yaml 
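Review bot: Blanking `indexerCertsSecretName` and `dashboardCertsSecretName` makes them hard requirements, but the templates that consume them (the `filebeat-certs` volume in wazuh-master-sts.yaml and wazuh-worker-sts.yaml, and presumably the dashboard deployment) still interpolate them bare, so a default install now renders `secretName:` with no value and the pod spec is rejected at admission rather than at `helm install`. Guard each use with `required`, e.g. `secretName: {{ required "indexer.config.indexerCertsSecretName must name the Secret holding the indexer certificates" .Values.indexer.config.indexerCertsSecretName }}`, so the failure surfaces next to the `**REQUIRED**` comment these hunks already carry.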
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/wazuh/templates/dashboard/dasboard-ingress.yaml b/charts/wazuh/templates/dashboard/dasboard-ingress.yaml index c0849f5..847d239 100644 --- a/charts/wazuh/templates/dashboard/dasboard-ingress.yaml +++ b/charts/wazuh/templates/dashboard/dasboard-ingress.yaml @@ -1,5 +1,5 @@ {{- if .Values.dashboard.ingress.enabled -}} -{{- $fullName := include "wazuh.fullname" . -}}-dashboard +{{- $fullName := include "wazuh.fullname" . -}} {{- $svcPort := .Values.dashboard.service.port -}} {{- if and .Values.dashboard.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.dashboard.ingress.annotations "kubernetes.io/ingress.class") }} @@ -15,7 +15,7 @@ apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: - name: {{ $fullName }} + name: {{ $fullName }}-dashboard labels: {{- include "wazuh.labels" . | nindent 4 }} {{- with .Values.dashboard.ingress.annotations }} @@ -49,11 +49,11 @@ spec: backend: {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: - name: {{ $fullName }} + name: {{ $fullName }}-dashboard port: number: {{ $svcPort }} {{- else }} - serviceName: {{ $fullName }} + serviceName: {{ $fullName }}-dashboard servicePort: {{ $svcPort }} {{- end }} {{- end }} diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml index ffa606c..3d16e61 100644 --- a/charts/wazuh/values.yaml +++ b/charts/wazuh/values.yaml 
@@ -348,7 +348,7 @@ dashboard: service: type: ClusterIP - port: 443 + port: 5601 ingress: enabled: false From bd3a61bd1d368253134b0dda563f4e77df9b1b7a Mon Sep 17 00:00:00 2001 From: Tamim Hamoudi Date: Wed, 26 Jun 2024 17:23:56 +0300 Subject: [PATCH 04/20] [wazuh] add certificate templates --- charts/wazuh/templates/admin-certificate.yaml | 28 +++++++++++++++++++ .../dashboard/dashboard-certificate.yaml | 28 +++++++++++++++++++ .../wazuh/templates/filebeat-certificate.yaml | 28 +++++++++++++++++++ charts/wazuh/templates/node-certificate.yaml | 28 +++++++++++++++++++ charts/wazuh/templates/root-certificate.yaml | 28 +++++++++++++++++++ charts/wazuh/values.yaml | 15 ++++++++++ 6 files changed, 155 insertions(+) create mode 100644 charts/wazuh/templates/admin-certificate.yaml create mode 100644 charts/wazuh/templates/dashboard/dashboard-certificate.yaml create mode 100644 charts/wazuh/templates/filebeat-certificate.yaml create mode 100644 charts/wazuh/templates/node-certificate.yaml create mode 100644 charts/wazuh/templates/root-certificate.yaml diff --git a/charts/wazuh/templates/admin-certificate.yaml b/charts/wazuh/templates/admin-certificate.yaml new file mode 100644 index 0000000..7834551 --- /dev/null +++ b/charts/wazuh/templates/admin-certificate.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "admin" +spec: + secretName: "admin" + issuerRef: + name: {{ .Values.certificate.issuerRef.name }} + kind: {{ .Values.certificate.issuerRef.kind }} + commonName: {{ .Values.certificate.commonName }} + dnsNames: + {{- range .Values.certificate.dnsNames }} + - {{ . }} + {{- end }} +{{- end }} + # acme: + # config: + # - http01: + # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} + # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} + # {{- else }} + # ingress: {{ template "wb.fullname" . }} + # {{- end }} + # domains: + # {{- range .Values.certificate.acmeConfig.domains }} + # - {{ . }} + # {{- end }} \ No newline at end of file diff --git a/charts/wazuh/templates/dashboard/dashboard-certificate.yaml b/charts/wazuh/templates/dashboard/dashboard-certificate.yaml new file mode 100644 index 0000000..69449ac --- /dev/null +++ b/charts/wazuh/templates/dashboard/dashboard-certificate.yaml @@ -0,0 +1,28 @@ +{{- if .Values.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "dashboard" +spec: + secretName: "dashboard" + issuerRef: + name: {{ .Values.certificate.issuerRef.name }} + kind: {{ .Values.certificate.issuerRef.kind }} + commonName: {{ .Values.certificate.commonName }} + dnsNames: + {{- range .Values.certificate.dnsNames }} + - {{ . }} + {{- end }} +{{- end }} + # acme: + # config: + # - http01: + # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} + # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} + # {{- else }} + # ingress: {{ template "wb.fullname" . }} + # {{- end }} + # domains: + # {{- range .Values.certificate.acmeConfig.domains }} + # - {{ . }} + # {{- end }} \ No newline at end of file 
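Review bot: The admin Certificate is requested with the same `commonName` and `dnsNames` as the dashboard, filebeat, node and root-ca Certificates added in this commit, so `admin.pem` is indistinguishable by subject from a node or filebeat certificate; if the indexer's security configuration identifies the admin by certificate DN (`admin_dn`, the usual setup for the Wazuh indexer — its `opensearch.yml` is not in this hunk), any pod that holds one of the other certificates can present it as the admin identity. Give each identity its own subject, e.g. `commonName: admin` here and distinct CNs for the others, and add `usages: [client auth]` so this certificate cannot also serve as a server certificate. `name: "admin"` / `secretName: "admin"` carry no release prefix, so two releases in one namespace will fight over the same Secret; `name: {{ include "wazuh.fullname" . }}-admin` avoids that. The commented-out `acme` block references a `wb.fullname` template that does not exist in this chart and should be dropped rather than carried along.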
diff --git a/charts/wazuh/templates/filebeat-certificate.yaml b/charts/wazuh/templates/filebeat-certificate.yaml new file mode 100644 index 0000000..ccc9fee --- /dev/null +++ b/charts/wazuh/templates/filebeat-certificate.yaml @@ -0,0 +1,28 @@ +{{- if .Values.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "filebeat" +spec: + secretName: "filebeat" + issuerRef: + name: {{ .Values.certificate.issuerRef.name }} + kind: {{ .Values.certificate.issuerRef.kind }} + commonName: {{ .Values.certificate.commonName }} + dnsNames: + {{- range .Values.certificate.dnsNames }} + - {{ . }} + {{- end }} +{{- end }} + # acme: + # config: + # - http01: + # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} + # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} + # {{- else }} + # ingress: {{ template "wb.fullname" . }} + # {{- end }} + # domains: + # {{- range .Values.certificate.acmeConfig.domains }} + # - {{ . }} + # {{- end }} \ No newline at end of file diff --git a/charts/wazuh/templates/node-certificate.yaml b/charts/wazuh/templates/node-certificate.yaml new file mode 100644 index 0000000..5ef8cf9 --- /dev/null +++ b/charts/wazuh/templates/node-certificate.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "node" +spec: + secretName: "node" + issuerRef: + name: {{ .Values.certificate.issuerRef.name }} + kind: {{ .Values.certificate.issuerRef.kind }} + commonName: {{ .Values.certificate.commonName }} + dnsNames: + {{- range .Values.certificate.dnsNames }} + - {{ . }} + {{- end }} +{{- end }} + # acme: + # config: + # - http01: + # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} + # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} + # {{- else }} + # ingress: {{ template "wb.fullname" . }} + # {{- end }} + # domains: + # {{- range .Values.certificate.acmeConfig.domains }} + # - {{ . }} + # {{- end }} \ No newline at end of file diff --git a/charts/wazuh/templates/root-certificate.yaml b/charts/wazuh/templates/root-certificate.yaml new file mode 100644 index 0000000..ff68c62 --- /dev/null +++ b/charts/wazuh/templates/root-certificate.yaml @@ -0,0 +1,28 @@ +{{- if .Values.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "root-ca" +spec: + secretName: "root-ca" + issuerRef: + name: {{ .Values.certificate.issuerRef.name }} + kind: {{ .Values.certificate.issuerRef.kind }} + commonName: {{ .Values.certificate.commonName }} + dnsNames: + {{- range .Values.certificate.dnsNames }} + - {{ . }} + {{- end }} +{{- end }} + # acme: + # config: + # - http01: + # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} + # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} + # {{- else }} + # ingress: {{ template "wb.fullname" . }} + # {{- end }} + # domains: + # {{- range .Values.certificate.acmeConfig.domains }} + # - {{ . }} + # {{- end }} \ No newline at end of file diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml index 3d16e61..5c5b043 100644 --- a/charts/wazuh/values.yaml +++ b/charts/wazuh/values.yaml 
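Review bot: A `Certificate` named `root-ca` that is requested from the same `issuerRef` as the leaf certificates, with no `isCA: true`, yields an ordinary end-entity certificate rather than a CA, and nothing else in this commit issues from it, so the `root-ca` Secret cannot validate the admin, node, filebeat or dashboard certificates that the StatefulSets expect to verify against `root-ca.pem`. Either set `isCA: true` and add an `Issuer` backed by this Secret that the other four Certificates reference, or drop this template and take the CA from the issuer's own `ca.crt`. With the default `issuerRef.name: "letsencrypt"` from values.yaml an ACME CA will in any case never sign a CA certificate, so the template cannot work as written against that default.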
@@ -13,6 +13,21 @@ indexer: # Overrides the image tag whose default is the chart appVersion. tag: "4.7.4" +certificate: + enabled: false + issuerRef: + name: "letsencrypt" + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: "Issuer" + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: example.com + # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required. + dnsNames: + - example.com + - www.example.com + config: sslEnabled: false # **REQUIRED** From 8ea81538c2f5927c6067bf8b7c357bf11104af84 Mon Sep 17 00:00:00 2001 From: Tamim Hamoudi Date: Wed, 26 Jun 2024 17:25:06 +0300 Subject: [PATCH 05/20] [wazuh] add certificate templates --- charts/wazuh/templates/admin-certificate.yaml | 2 +- charts/wazuh/templates/dashboard/dashboard-certificate.yaml | 2 +- charts/wazuh/templates/filebeat-certificate.yaml | 2 +- charts/wazuh/templates/node-certificate.yaml | 2 +- charts/wazuh/templates/root-certificate.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/wazuh/templates/admin-certificate.yaml b/charts/wazuh/templates/admin-certificate.yaml index 7834551..da11997 100644 --- a/charts/wazuh/templates/admin-certificate.yaml +++ b/charts/wazuh/templates/admin-certificate.yaml @@ -25,4 +25,4 @@ spec: # domains: # {{- range .Values.certificate.acmeConfig.domains }} # - {{ . }} - # {{- end }} \ No newline at end of file + # {{- end }} diff --git a/charts/wazuh/templates/dashboard/dashboard-certificate.yaml b/charts/wazuh/templates/dashboard/dashboard-certificate.yaml index 69449ac..ab31fdc 100644 --- a/charts/wazuh/templates/dashboard/dashboard-certificate.yaml +++ b/charts/wazuh/templates/dashboard/dashboard-certificate.yaml 
@@ -25,4 +25,4 @@ spec: # domains: # {{- range .Values.certificate.acmeConfig.domains }} # - {{ . }} - # {{- end }} \ No newline at end of file + # {{- end }} diff --git a/charts/wazuh/templates/filebeat-certificate.yaml b/charts/wazuh/templates/filebeat-certificate.yaml index ccc9fee..232f1c2 100644 --- a/charts/wazuh/templates/filebeat-certificate.yaml +++ b/charts/wazuh/templates/filebeat-certificate.yaml @@ -25,4 +25,4 @@ spec: # domains: # {{- range .Values.certificate.acmeConfig.domains }} # - {{ . }} - # {{- end }} \ No newline at end of file + # {{- end }} diff --git a/charts/wazuh/templates/node-certificate.yaml b/charts/wazuh/templates/node-certificate.yaml index 5ef8cf9..040b1c5 100644 --- a/charts/wazuh/templates/node-certificate.yaml +++ b/charts/wazuh/templates/node-certificate.yaml @@ -25,4 +25,4 @@ spec: # domains: # {{- range .Values.certificate.acmeConfig.domains }} # - {{ . }} - # {{- end }} \ No newline at end of file + # {{- end }} diff --git a/charts/wazuh/templates/root-certificate.yaml b/charts/wazuh/templates/root-certificate.yaml index ff68c62..28012e7 100644 --- a/charts/wazuh/templates/root-certificate.yaml +++ b/charts/wazuh/templates/root-certificate.yaml @@ -25,4 +25,4 @@ spec: # domains: # {{- range .Values.certificate.acmeConfig.domains }} # - {{ . }} - # {{- end }} \ No newline at end of file + # {{- end }} From e607ed5b53d5baa3b235b5f862aa499a2c1e57fd Mon Sep 17 00:00:00 2001 
From: thamudi Date: Tue, 16 Jul 2024 15:23:00 +0300 Subject: [PATCH 06/20] (wazuh)(update) add certificate templates and tls mapping --- charts/wazuh/templates/admin-certificate.yaml | 28 --------- .../certificates/filebeat-certificate.yaml | 18 ++++++ .../dashboard/dashboard-certificate.yaml | 28 +++------ .../dashboard/dashboard-deployment.yaml | 26 ++++++++- .../wazuh/templates/filebeat-certificate.yaml | 28 --------- .../templates/indexer/admin-certificate.yaml | 18 ++++++ .../wazuh/templates/indexer/indexer-sts.yaml | 40 ++++++++++++- .../templates/indexer/node-certificate.yaml | 18 ++++++ .../templates/manager/wazuh-master-sts.yaml | 26 ++++++++- .../templates/manager/wazuh-worker-sts.yaml | 28 +++++++-- charts/wazuh/templates/node-certificate.yaml | 28 --------- charts/wazuh/templates/root-certificate.yaml | 28 --------- charts/wazuh/values.yaml | 57 ++++++++++--------- 13 files changed, 201 insertions(+), 170 deletions(-) delete mode 100644 charts/wazuh/templates/admin-certificate.yaml create mode 100644 charts/wazuh/templates/certificates/filebeat-certificate.yaml delete mode 100644 charts/wazuh/templates/filebeat-certificate.yaml create mode 100644 charts/wazuh/templates/indexer/admin-certificate.yaml create mode 100644 charts/wazuh/templates/indexer/node-certificate.yaml delete mode 100644 charts/wazuh/templates/node-certificate.yaml delete mode 100644 charts/wazuh/templates/root-certificate.yaml diff --git a/charts/wazuh/templates/admin-certificate.yaml b/charts/wazuh/templates/admin-certificate.yaml deleted file mode 100644 index da11997..0000000 --- a/charts/wazuh/templates/admin-certificate.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.certificate.enabled -}} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "admin" -spec: - secretName: "admin" - issuerRef: - name: {{ .Values.certificate.issuerRef.name }} - kind: {{ .Values.certificate.issuerRef.kind }} - commonName: {{ .Values.certificate.commonName }} - dnsNames: - {{- range .Values.certificate.dnsNames }} - - {{ . }} - {{- end }} -{{- end }} - # acme: - # config: - # - http01: - # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} - # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} - # {{- else }} - # ingress: {{ template "wb.fullname" . }} - # {{- end }} - # domains: - # {{- range .Values.certificate.acmeConfig.domains }} - # - {{ . }} - # {{- end }} diff --git a/charts/wazuh/templates/certificates/filebeat-certificate.yaml b/charts/wazuh/templates/certificates/filebeat-certificate.yaml new file mode 100644 index 0000000..eb90e25 --- /dev/null +++ b/charts/wazuh/templates/certificates/filebeat-certificate.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.tls.enabled .Values.tls.certManager.enabled}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "filebeat-tls" +spec: + secretName: "filebeat-tls" + issuerRef: + name: {{ .Values.tls.certManager.issuer.name }} + kind: {{ .Values.tls.certManager.issuer.kind }} + commonName: {{ .Values.tls.certManager.commonName }} + duration: {{ .Values.tls.certManager.duration }} + renewBefore: {{ .Values.tls.certManager.renewBefore }} + dnsNames: + {{- range .Values.tls.certManager.dnsNames }} + - {{ . }} + {{- end }} +{{- end }} diff --git a/charts/wazuh/templates/dashboard/dashboard-certificate.yaml b/charts/wazuh/templates/dashboard/dashboard-certificate.yaml index ab31fdc..ff7d0fe 100644 --- a/charts/wazuh/templates/dashboard/dashboard-certificate.yaml +++ b/charts/wazuh/templates/dashboard/dashboard-certificate.yaml 
@@ -1,28 +1,18 @@ -{{- if .Values.certificate.enabled -}} +{{- if and .Values.tls.enabled .Values.tls.certManager.enabled }} apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: "dashboard" + name: "dashboard-tls" spec: - secretName: "dashboard" + secretName: "dashboard-tls" issuerRef: - name: {{ .Values.certificate.issuerRef.name }} - kind: {{ .Values.certificate.issuerRef.kind }} - commonName: {{ .Values.certificate.commonName }} + name: {{ .Values.tls.certManager.issuer.name }} + kind: {{ .Values.tls.certManager.issuer.kind }} + commonName: {{ .Values.tls.certManager.commonName }} + duration: {{ .Values.tls.certManager.duration }} + renewBefore: {{ .Values.tls.certManager.renewBefore }} dnsNames: - {{- range .Values.certificate.dnsNames }} + {{- range .Values.tls.certManager.dnsNames }} - {{ . }} {{- end }} {{- end }} - # acme: - # config: - # - http01: - # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} - # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} - # {{- else }} - # ingress: {{ template "wb.fullname" . }} - # {{- end }} - # domains: - # {{- range .Values.certificate.acmeConfig.domains }} - # - {{ . }} - # {{- end }} diff --git a/charts/wazuh/templates/dashboard/dashboard-deployment.yaml b/charts/wazuh/templates/dashboard/dashboard-deployment.yaml index 65954f2..0e86c39 100644 --- a/charts/wazuh/templates/dashboard/dashboard-deployment.yaml +++ b/charts/wazuh/templates/dashboard/dashboard-deployment.yaml 
@@ -93,6 +93,29 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} volumes: + {{- if and .Values.tls.enabled .Values.tls.certManager.enabled }} + - name: dashboard-certs + projected: + sources: + - secret: + name: {{ .Values.tls.certManager.caCrtSecretName }} + items: + - key: ca.crt + path: root-ca.pem + - secret: + name: dashboard-tls + items: + - key: tls.crt + path: cert.pem + - key: tls.key + path: key.pem + {{- else if and .Values.tls.enabled (not (eq .Values.tls.secretName "")) }} + - name: dashboard-certs + secret: + secretName: {{ .Values.tls.secretName }} + {{- else }} + {{- fail "Either provide your own certificates under .Values.tls.secretName or enable the tls certManager certificate if you have cert-manager on your cluster!"}} + {{- end }} {{- if .Values.dashboard.config.dashboardCustomConfig }} - name: config configMap: @@ -102,9 +125,6 @@ spec: configMap: name: {{ include "wazuh.fullname" . }}-dashboard-config {{- end }} - - name: dashboard-certs - secret: - secretName: {{ required "A valid dashboardCertsSecretName is required!" .Values.dashboard.config.dashboardCertsSecretName }} {{- with .Values.dashboard.volumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/wazuh/templates/filebeat-certificate.yaml b/charts/wazuh/templates/filebeat-certificate.yaml deleted file mode 100644 index 232f1c2..0000000 --- a/charts/wazuh/templates/filebeat-certificate.yaml +++ /dev/null 
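Review bot: The `{{- fail ... }}` branch is reached whenever `.Values.tls.enabled` is false, because both preceding conditions require `tls.enabled`, so the `tls.enabled` toggle cannot actually turn TLS off and the error text tells the user to supply certificates rather than that TLS is mandatory. Either wrap the whole `dashboard-certs` volume in `{{- if .Values.tls.enabled }}` and fail only inside it, or document TLS as required and make the message say so: `{{- fail "tls.enabled must be true: provide certificates via .Values.tls.secretName or enable .Values.tls.certManager" }}`. The same three-way block is copied into the indexer and both manager StatefulSets in this commit; a named template in `_helpers.tpl` taking the secret names and file mapping would keep the four copies from drifting. The container spec and `volumeMounts` are outside this hunk, so I cannot confirm the mount path matches the `cert.pem`/`key.pem` names projected here.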
@@ -1,28 +0,0 @@ -{{- if .Values.certificate.enabled -}} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "filebeat" -spec: - secretName: "filebeat" - issuerRef: - name: {{ .Values.certificate.issuerRef.name }} - kind: {{ .Values.certificate.issuerRef.kind }} - commonName: {{ .Values.certificate.commonName }} - dnsNames: - {{- range .Values.certificate.dnsNames }} - - {{ . }} - {{- end }} -{{- end }} - # acme: - # config: - # - http01: - # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} - # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} - # {{- else }} - # ingress: {{ template "wb.fullname" . }} - # {{- end }} - # domains: - # {{- range .Values.certificate.acmeConfig.domains }} - # - {{ . }} - # {{- end }} diff --git a/charts/wazuh/templates/indexer/admin-certificate.yaml b/charts/wazuh/templates/indexer/admin-certificate.yaml new file mode 100644 index 0000000..f62462a --- /dev/null +++ b/charts/wazuh/templates/indexer/admin-certificate.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.tls.enabled .Values.tls.certManager.enabled}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "admin-tls" +spec: + secretName: "admin-tls" + issuerRef: + name: {{ .Values.tls.certManager.issuer.name }} + kind: {{ .Values.tls.certManager.issuer.kind }} + commonName: {{ .Values.tls.certManager.commonName }} + duration: {{ .Values.tls.certManager.duration }} + renewBefore: {{ .Values.tls.certManager.renewBefore }} + dnsNames: + {{- range .Values.tls.certManager.dnsNames }} + - {{ . }} + {{- end }} +{{- end }} diff --git a/charts/wazuh/templates/indexer/indexer-sts.yaml b/charts/wazuh/templates/indexer/indexer-sts.yaml index d01ca1f..ff14ac5 100644 --- a/charts/wazuh/templates/indexer/indexer-sts.yaml +++ b/charts/wazuh/templates/indexer/indexer-sts.yaml 
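Review bot: `admin-tls`, `node-tls`, `filebeat-tls` and `dashboard-tls` are all requested with the same `commonName` and `dnsNames` from `.Values.tls.certManager`, so they have identical subjects and the only thing that distinguishes the admin certificate is which Secret it lands in. If the indexer's `opensearch.yml` matches `admin_dn` against this DN (its contents are not in this commit, but that is how the Wazuh indexer normally identifies the admin), a node or filebeat certificate presented by any pod that mounts it is also accepted as admin. Give the admin certificate its own subject and restrict key usage, e.g. `commonName: {{ .Values.tls.certManager.adminCommonName }}` plus `usages: [client auth]`, and do the same with distinct CNs for the node and filebeat certificates. `name`/`secretName` are hard-coded to `admin-tls` without the release name, so two releases in one namespace collide on the Secret.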
@@ -127,6 +127,43 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} volumes: + {{- if and .Values.tls.enabled .Values.tls.certManager.enabled }} + - name: indexer-certs + projected: + sources: + - secret: + name: {{ .Values.tls.certManager.caCrtSecretName }} + items: + - key: ca.crt + path: root-ca.pem + - secret: + name: admin-tls + items: + - key: tls.crt + path: admin.pem + - key: tls.key + path: admin-key.pem + - secret: + name: node-tls + items: + - key: tls.crt + path: node.pem + - key: tls.key + path: node-key.pem + - secret: + name: filebeat-tls + items: + - key: tls.crt + path: filebeat.pem + - key: tls.key + path: filebeat-key.pem + {{- else if and .Values.tls.enabled (not (eq .Values.tls.secretName "")) }} + - name: indexer-certs + secret: + secretName: {{ .Values.tls.secretName }} + {{- else }} + {{- fail "Either provide your own certificates under .Values.tls.secretName or enable the tls certManager certificate if you have cert-manager on your cluster!"}} + {{- end }} {{- if .Values.indexer.config.indexerInternalUsersSecretName }} - name: indexer-users secret: @@ -145,9 +182,6 @@ spec: configMap: name: {{ include "wazuh.fullname" . }}-indexer-config {{- end }} - - name: indexer-certs - secret: - secretName: {{ required "A valid indexerCertsSecretName is required!" .Values.indexer.config.indexerCertsSecretName }} {{- if .Values.indexer.storage.existingClaim }} - name: wazuh-indexer persistentVolumeClaim: diff --git a/charts/wazuh/templates/indexer/node-certificate.yaml b/charts/wazuh/templates/indexer/node-certificate.yaml new file mode 100644 index 0000000..a1d32ea --- /dev/null +++ b/charts/wazuh/templates/indexer/node-certificate.yaml 
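Review bot: The indexer projection at `- secret: name: filebeat-tls` mounts Filebeat's private key (`filebeat-key.pem`) into every indexer pod although only the manager StatefulSets run Filebeat, so a compromised indexer container can impersonate the log shipper. Project only `root-ca.pem`, the node pair and the admin pair here and leave `filebeat-tls` to the manager templates; if the indexer configuration really does reference `filebeat.pem`, that dependency should be documented next to the mount. `admin-key.pem` is presumably only needed while the security admin tool is run, so consider making that sub-projection conditional rather than keeping the admin key in the long-running node process by default. The container spec and `volumeMounts` are outside this hunk.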
@@ -0,0 +1,18 @@ +{{- if and .Values.tls.enabled .Values.tls.certManager.enabled }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "node-tls" +spec: + secretName: "node-tls" + issuerRef: + name: {{ .Values.tls.certManager.issuer.name }} + kind: {{ .Values.tls.certManager.issuer.kind }} + commonName: {{ .Values.tls.certManager.commonName }} + duration: {{ .Values.tls.certManager.duration }} + renewBefore: {{ .Values.tls.certManager.renewBefore }} + dnsNames: + {{- range .Values.tls.certManager.dnsNames }} + - {{ . }} + {{- end }} +{{- end }} diff --git a/charts/wazuh/templates/manager/wazuh-master-sts.yaml b/charts/wazuh/templates/manager/wazuh-master-sts.yaml index 75a451e..41aa61a 100644 --- a/charts/wazuh/templates/manager/wazuh-master-sts.yaml +++ b/charts/wazuh/templates/manager/wazuh-master-sts.yaml @@ -128,6 +128,29 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} volumes: + {{- if and .Values.tls.enabled .Values.tls.certManager.enabled }} + - name: filebeat-certs + projected: + sources: + - secret: + name: {{ .Values.tls.caCrtSecretName }} + items: + - key: ca.crt + path: root-ca.pem + - secret: + name: filebeat-tls + items: + - key: tls.crt + path: filebeat.pem + - key: tls.key + path: filebeat-key.pem + {{- else if and .Values.tls.enabled (not (eq .Values.tls.secretName "")) }} + - name: filebeat-certs + secret: + secretName: {{ .Values.tls.secretName }} + {{- else }} + {{- fail "Either provide your own certificates under .Values.tls.secretName or enable the tls certManager certificate if you have cert-manager on your cluster!"}} + {{- end }} {{- if .Values.manager.config.customManagerConfig }} - name: config configMap: @@ -146,9 +169,6 @@ spec: secret: secretName: {{ include "wazuh.fullname" . }}-manager {{- end }} - - name: filebeat-certs - secret: - secretName: {{ .Values.indexer.config.indexerCertsSecretName }} {{- if .Values.manager.master.storage.existingClaim }} - name: wazuh-manager-master persistentVolumeClaim: 
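Review bot: The node certificate's `dnsNames` come from `.Values.tls.certManager.dnsNames`, which this commit defaults to public hostnames, while clients reach the indexer at `https://wazuh-indexer:9200` (`global.indexerUrl` in values.yaml and `opensearch.hosts` in the dashboard config); a SAN list that does not contain the service and pod names makes hostname verification fail, which is presumably why the dashboard config keeps `opensearch.ssl.verificationMode: none`. Derive the node SANs from the release instead, e.g. `- {{ include "wazuh.fullname" . }}-indexer` and `- "*.{{ include "wazuh.fullname" . }}-indexer.{{ .Release.Namespace }}.svc"` (one entry per pod if the issuer rejects wildcards), and add `usages: [server auth, client auth]` so that verification can be switched on.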
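Review bot: `name: {{ .Values.tls.caCrtSecretName }}` in the master StatefulSet references a key that values.yaml in this commit defines as `tls.certManager.caCrtSecretName`, so the projected source renders with an empty `name` and the master pod cannot mount its CA in the cert-manager path; the indexer and worker templates use `.Values.tls.certManager.caCrtSecretName` and this copy should be aligned to the same path. This is the fourth copy of the same volume block; a helper template (for example `wazuh.tlsVolume`) taking the secret names and file mapping would have made this mismatch impossible.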
diff --git a/charts/wazuh/templates/manager/wazuh-worker-sts.yaml b/charts/wazuh/templates/manager/wazuh-worker-sts.yaml index 3971629..c466168 100644 --- a/charts/wazuh/templates/manager/wazuh-worker-sts.yaml +++ b/charts/wazuh/templates/manager/wazuh-worker-sts.yaml @@ -122,7 +122,30 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} volumes: - {{- if .Values.manager.config.customManagerConfig }} + {{- if and .Values.tls.enabled .Values.tls.certManager.enabled }} + - name: filebeat-certs + projected: + sources: + - secret: + name: {{ .Values.tls.certManager.caCrtSecretName }} + items: + - key: ca.crt + path: root-ca.pem + - secret: + name: filebeat-tls + items: + - key: tls.crt + path: filebeat.pem + - key: tls.key + path: filebeat-key.pem + {{- else if and .Values.tls.enabled (not (eq .Values.tls.secretName "")) }} + - name: filebeat-certs + secret: + secretName: {{ .Values.tls.secretName }} + {{- else }} + {{- fail "Either provide your own certificates under .Values.tls.secretName or enable the tls certManager certificate if you have cert-manager on your cluster!"}} + {{- end }} + {{- if .Values.manager.config.customManagerConfig }} - name: config configMap: name: {{ .Values.manager.config.customManagerConfig }} @@ -131,9 +154,6 @@ spec: configMap: name: {{ include "wazuh.fullname" . }}-manager-config {{- end }} - - name: filebeat-certs - secret: - secretName: {{ .Values.indexer.config.indexerCertsSecretName }} {{- if .Values.manager.workers.storage.existingClaim }} - name: wazuh-manager-worker persistentVolumeClaim: diff --git a/charts/wazuh/templates/node-certificate.yaml b/charts/wazuh/templates/node-certificate.yaml deleted file mode 100644 index 040b1c5..0000000 --- a/charts/wazuh/templates/node-certificate.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.certificate.enabled -}} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "node" -spec: - secretName: "node" - issuerRef: - name: {{ .Values.certificate.issuerRef.name }} - kind: {{ .Values.certificate.issuerRef.kind }} - commonName: {{ .Values.certificate.commonName }} - dnsNames: - {{- range .Values.certificate.dnsNames }} - - {{ . }} - {{- end }} -{{- end }} - # acme: - # config: - # - http01: - # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} - # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} - # {{- else }} - # ingress: {{ template "wb.fullname" . }} - # {{- end }} - # domains: - # {{- range .Values.certificate.acmeConfig.domains }} - # - {{ . }} - # {{- end }} diff --git a/charts/wazuh/templates/root-certificate.yaml b/charts/wazuh/templates/root-certificate.yaml deleted file mode 100644 index 28012e7..0000000 --- a/charts/wazuh/templates/root-certificate.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.certificate.enabled -}} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "root-ca" -spec: - secretName: "root-ca" - issuerRef: - name: {{ .Values.certificate.issuerRef.name }} - kind: {{ .Values.certificate.issuerRef.kind }} - commonName: {{ .Values.certificate.commonName }} - dnsNames: - {{- range .Values.certificate.dnsNames }} - - {{ . }} - {{- end }} -{{- end }} - # acme: - # config: - # - http01: - # {{- if hasKey .Values.certificate.acmeConfig.http01 "ingress" }} - # ingress: {{ .Values.certificate.acmeConfig.http01.ingress }} - # {{- else }} - # ingress: {{ template "wb.fullname" . }} - # {{- end }} - # domains: - # {{- range .Values.certificate.acmeConfig.domains }} - # - {{ . }} - # {{- end }} diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml index 5c5b043..81fbf35 100644 --- a/charts/wazuh/values.yaml +++ b/charts/wazuh/values.yaml 
@@ -3,8 +3,37 @@ # Declare variables to be passed into your templates. global: - indexerUrl: "http://wazuh-indexer:9200" - wazuhApiUrl: "https://wazuh" + indexerUrl: "https://wazuh-indexer:9200" + wazuhApiUrl: "https://wazuh-master" + +tls: + # If enabled you either need to provide a secrete name containing specific keys as certs or enable the creation of certifications if + # your cluster supports issuing certificates. + enabled: true + # **REQUIRED** when you want to provide your own certificate + # The Secret name for the certs must have the following keys within it + # admin-key.pem, admin.pem, dashboard-key.pem, dashboard.pem + # filebeat-key.pem, filebeat.pem, node-key.pem, node.pem, root-ca.pem, + # key.pem, cert.pem + secretName: "" + certManager: + enabled: true + duration: 2160h # 90d + renewBefore: 360h # 15d + issuer: + name: "selfsigned-josa" + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: "ClusterIssuer" + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: test.josa.dev + # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required. + dnsNames: + - test.josa.dev + - www.test.josa.dev + ## CA certificate secret name that can be downloaded from https://letsencrypt.org/certificates/, the key name should be ca.crt in the secret file. + caCrtSecretName: "letsencrypt-ca" indexer: image: 
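Review bot: `caCrtSecretName: "letsencrypt-ca"`, with the comment pointing at letsencrypt.org, does not match `issuer.name: "selfsigned-josa"`: the `root-ca.pem` projected from that Secret must be the CA that actually signed the admin/node/filebeat/dashboard certificates, and a Let's Encrypt chain will never validate certificates from a self-signed ClusterIssuer, so with these defaults the stack only works while peer verification is disabled. Reword the comment to state the real requirement, e.g. `## Secret holding the CA that signs the certificates above, under key ca.crt (must correspond to tls.certManager.issuer)`, and note that for a cert-manager CA issuer the `ca.crt` key cert-manager writes into each certificate Secret may make the separate Secret unnecessary. The defaults `test.josa.dev`, `selfsigned-josa` and `certManager.enabled: true` are environment-specific and make a plain `helm install` depend on one organisation's ClusterIssuer; ship `enabled: false` with placeholder names and require the user to set them. The `secretName` comment also asks for one Secret holding every key pair including `admin-key.pem`, and that single Secret is mounted into the dashboard and both manager StatefulSets as well as the indexer, so the admin key ends up in pods that never need it; documenting one Secret per component (or at least a separate admin Secret) would keep least privilege in the bring-your-own-certificates path.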
@@ -13,28 +42,8 @@ indexer: # Overrides the image tag whose default is the chart appVersion. tag: "4.7.4" -certificate: - enabled: false - issuerRef: - name: "letsencrypt" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: "Issuer" - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - commonName: example.com - # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required. - dnsNames: - - example.com - - www.example.com - config: sslEnabled: false - # **REQUIRED** - # The Secret name for the indexer certs must have the following keys - # admin-key.pem, admin.pem, dashboard-key.pem, dashboard.pem - # filebeat-key.pem, filebeat.pem, node-key.pem, node.pem, root-ca.pem - indexerCertsSecretName: "" # The name of the configmap that includes the custom indexer config # Must have the following key "opensearch.yml" indexerCustomConfig: "" @@ -272,10 +281,6 @@ dashboard: config: ServerSSL: false - # ** REQUIRED ** - # The Secret name for the dashboard certs must have the following keys - # cert.pem, key.pem, root-ca.pem - dashboardCertsSecretName: "" # ---------------- # The configmap name that includes the dashboard custom config file # Must have the key 'opensearch_dashboards.yml' From 3402a1d11b6e93fe1599fd8c91396f6674211bef Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Sun, 21 Jul 2024 14:36:25 +0300 Subject: [PATCH 07/20] fix(wazuh): fix dashboard configuration --- charts/wazuh/dashboard_conf/opensearch_dashboards.yml | 4 ++-- charts/wazuh/templates/manager/wazuh-master-sts.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/wazuh/dashboard_conf/opensearch_dashboards.yml b/charts/wazuh/dashboard_conf/opensearch_dashboards.yml index a92dff6..ca4d51a 100644 --- a/charts/wazuh/dashboard_conf/opensearch_dashboards.yml 
+++ b/charts/wazuh/dashboard_conf/opensearch_dashboards.yml @@ -1,11 +1,11 @@ server.host: 0.0.0.0 server.port: 5601 -opensearch.hosts: http://wazuh-indexer:9200 +opensearch.hosts: https://wazuh-indexer:9200 opensearch.ssl.verificationMode: none opensearch.requestHeadersWhitelist: [authorization, securitytenant] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: false +server.ssl.enabled: true server.ssl.key: "/usr/share/wazuh-dashboard/certs/key.pem" server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem" opensearch.ssl.certificateAuthorities: diff --git a/charts/wazuh/templates/manager/wazuh-master-sts.yaml b/charts/wazuh/templates/manager/wazuh-master-sts.yaml index 41aa61a..e104222 100644 --- a/charts/wazuh/templates/manager/wazuh-master-sts.yaml +++ b/charts/wazuh/templates/manager/wazuh-master-sts.yaml @@ -133,7 +133,7 @@ spec: projected: sources: - secret: - name: {{ .Values.tls.caCrtSecretName }} + name: {{ .Values.tls.certManager.caCrtSecretName }} items: - key: ca.crt path: root-ca.pem From de23f76743f32c921b5ff4cd554393e1b0f0c9e7 Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Sun, 21 Jul 2024 15:32:07 +0300 Subject: [PATCH 08/20] refactor(wazuh): modify indexer svc --- .../templates/indexer/indexer-api-svc.yaml | 17 ----------------- charts/wazuh/templates/indexer/indexer-svc.yaml | 4 ++++ .../templates/manager/wazuh-master-svc .yaml | 2 +- 3 files changed, 5 insertions(+), 18 deletions(-) delete mode 100644 charts/wazuh/templates/indexer/indexer-api-svc.yaml diff --git a/charts/wazuh/templates/indexer/indexer-api-svc.yaml b/charts/wazuh/templates/indexer/indexer-api-svc.yaml deleted file mode 100644 index 6179f5e..0000000 --- a/charts/wazuh/templates/indexer/indexer-api-svc.yaml +++ /dev/null 
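Review bot: Switching `opensearch.hosts` to `https://` while leaving `opensearch.ssl.verificationMode: none` gives encryption without authentication of the peer: the dashboard's service credentials and the forwarded `authorization` header (see `opensearch.requestHeadersWhitelist`) go to whatever answers on that name. The file already configures `opensearch.ssl.certificateAuthorities` with `root-ca.pem`, so set `opensearch.ssl.verificationMode: full` (or `certificate` until the node certificate's SANs contain the service name) and fix the node SANs rather than disabling verification. If `none` has to stay for now, add a comment explaining why and that it must not ship to production.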
@@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "wazuh.fullname" . }}-indexer-api - labels: - app: {{ include "wazuh.fullname" . }}-indexer - {{- include "wazuh.labels" . | nindent 4 }} -spec: - type: ClusterIP - ports: - - port: 9200 - targetPort: 9200 - protocol: TCP - name: indexer-api - selector: - app: {{ include "wazuh.fullname" . }}-indexer - {{- include "wazuh.selectorLabels" . | nindent 4 }} diff --git a/charts/wazuh/templates/indexer/indexer-svc.yaml b/charts/wazuh/templates/indexer/indexer-svc.yaml index 0ae5b50..ab34700 100644 --- a/charts/wazuh/templates/indexer/indexer-svc.yaml +++ b/charts/wazuh/templates/indexer/indexer-svc.yaml @@ -13,6 +13,10 @@ spec: targetPort: 9300 protocol: TCP name: indexer-nodes + - port: 9200 + targetPort: 9200 + protocol: TCP + name: indexer-api selector: app: {{ include "wazuh.fullname" . }}-indexer {{- include "wazuh.selectorLabels" . | nindent 4 }} diff --git a/charts/wazuh/templates/manager/wazuh-master-svc .yaml b/charts/wazuh/templates/manager/wazuh-master-svc .yaml index 6048c8f..9c28c26 100644 --- a/charts/wazuh/templates/manager/wazuh-master-svc .yaml +++ b/charts/wazuh/templates/manager/wazuh-master-svc .yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "wazuh.fullname" . }} + name: {{ include "wazuh.fullname" . }}-master labels: app: {{ include "wazuh.fullname" . }}-manager {{- include "wazuh.labels" . | nindent 4 }} From b22013b46ad96d2e951041dff85a7a915c0f5f9e Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Mon, 22 Jul 2024 15:08:11 +0300 Subject: [PATCH 09/20] refactor(wazuh): modify dashboard configuration file --- charts/wazuh/dashboard_conf/opensearch_dashboards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wazuh/dashboard_conf/opensearch_dashboards.yml b/charts/wazuh/dashboard_conf/opensearch_dashboards.yml index ca4d51a..5691ee6 100644 --- a/charts/wazuh/dashboard_conf/opensearch_dashboards.yml 
+++ b/charts/wazuh/dashboard_conf/opensearch_dashboards.yml @@ -5,7 +5,7 @@ opensearch.ssl.verificationMode: none opensearch.requestHeadersWhitelist: [authorization, securitytenant] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true +server.ssl.enabled: false server.ssl.key: "/usr/share/wazuh-dashboard/certs/key.pem" server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem" opensearch.ssl.certificateAuthorities: From bbb2d733cbf7dd63628c5d7f74da001b209ca581 Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Mon, 22 Jul 2024 15:10:10 +0300 Subject: [PATCH 10/20] refactor(wazuh): modify wazuh-manager conf files --- charts/wazuh/wazuh_conf/master.conf | 2 +- charts/wazuh/wazuh_conf/worker.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/wazuh/wazuh_conf/master.conf b/charts/wazuh/wazuh_conf/master.conf index d0affc4..1c09d1b 100644 --- a/charts/wazuh/wazuh_conf/master.conf +++ b/charts/wazuh/wazuh_conf/master.conf @@ -376,7 +376,7 @@ 1516 0.0.0.0 - wazuh-manager-master-0.wazuh-cluster.wazuh + wazuh-manager-master-0.wazuh-cluster no no diff --git a/charts/wazuh/wazuh_conf/worker.conf b/charts/wazuh/wazuh_conf/worker.conf index 9092b31..87bded7 100644 --- a/charts/wazuh/wazuh_conf/worker.conf +++ b/charts/wazuh/wazuh_conf/worker.conf @@ -376,7 +376,7 @@ 1516 0.0.0.0 - wazuh-manager-master-0.wazuh-cluster.wazuh + wazuh-manager-master-0.wazuh-cluster no no From a58aeab898950dfe00df59ec8818163fabef9d54 Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Tue, 23 Jul 2024 18:09:25 +0300 Subject: [PATCH 11/20] refactor(wazuh): update wazuh to version 4.8.1 updated the app version and the dashboard configuration --- charts/wazuh/Chart.yaml | 2 +- charts/wazuh/dashboard_conf/opensearch_dashboards.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/wazuh/Chart.yaml b/charts/wazuh/Chart.yaml index a910ceb..7da7024 100644 
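Review bot: `server.ssl.enabled` is flipped back to `false` here, reverting the switch made two commits earlier, while `server.ssl.key` and `server.ssl.certificate` stay configured and the chart separately exposes `dashboard.config.ServerSSL` in values.yaml; the commit message does not say which of the two is meant to control dashboard TLS, and how `ServerSSL` is consumed is not visible in this hunk. Whichever wins, record it next to this line so the two do not drift, e.g. `# Keep in sync with dashboard.config.ServerSSL in values.yaml`, and if plaintext between ingress and dashboard is the intended design, state that in the same comment.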
--- a/charts/wazuh/Chart.yaml +++ b/charts/wazuh/Chart.yaml @@ -21,4 +21,4 @@ version: 0.1.2 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "4.7.4" +appVersion: "4.8.1" diff --git a/charts/wazuh/dashboard_conf/opensearch_dashboards.yml b/charts/wazuh/dashboard_conf/opensearch_dashboards.yml index 5691ee6..c88d8f9 100644 --- a/charts/wazuh/dashboard_conf/opensearch_dashboards.yml +++ b/charts/wazuh/dashboard_conf/opensearch_dashboards.yml @@ -10,4 +10,4 @@ server.ssl.key: "/usr/share/wazuh-dashboard/certs/key.pem" server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem" opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wazuh +uiSettings.overrides.defaultRoute: /app/wz-home From bfd3f037992e90a62fbddcabc712be62dec046ab Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Tue, 23 Jul 2024 18:12:32 +0300 Subject: [PATCH 12/20] refactor(wazuh): create wazuh-manager service created a service that combines the manager master service and the workers service together --- .../templates/manager/wazuh-master-svc .yaml | 6 +--- .../templates/manager/wazuh-service.yaml | 29 +++++++++++++++++++ .../templates/manager/wazuh-workers-svc .yaml | 6 +--- 3 files changed, 31 insertions(+), 10 deletions(-) create mode 100644 charts/wazuh/templates/manager/wazuh-service.yaml diff --git a/charts/wazuh/templates/manager/wazuh-master-svc .yaml b/charts/wazuh/templates/manager/wazuh-master-svc .yaml index 9c28c26..f8d1931 100644 --- a/charts/wazuh/templates/manager/wazuh-master-svc .yaml +++ b/charts/wazuh/templates/manager/wazuh-master-svc .yaml 
@@ -5,12 +5,8 @@ metadata: labels: app: {{ include "wazuh.fullname" . }}-manager {{- include "wazuh.labels" . | nindent 4 }} - {{- with .Values.manager.master.service.annotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} spec: - type: {{ .Values.manager.master.service.type }} + type: ClusterIP ports: - port: 1515 targetPort: 1515 diff --git a/charts/wazuh/templates/manager/wazuh-service.yaml b/charts/wazuh/templates/manager/wazuh-service.yaml new file mode 100644 index 0000000..d96fd25 --- /dev/null +++ b/charts/wazuh/templates/manager/wazuh-service.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "wazuh.fullname" . }}-manager + labels: + app: {{ include "wazuh.fullname" . }}-manager + {{- include "wazuh.labels" . | nindent 4 }} + {{- with .Values.manager.service.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} +spec: + type: {{ .Values.manager.service.type }} + ports: + - port: 1515 + targetPort: 1515 + protocol: TCP + name: registration + - port: 1514 + targetPort: 1514 + protocol: TCP + name: agents-events + - port: 55000 + targetPort: 55000 + protocol: TCP + name: api + selector: + app: {{ include "wazuh.fullname" . }}-manager + {{- include "wazuh.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/wazuh/templates/manager/wazuh-workers-svc .yaml b/charts/wazuh/templates/manager/wazuh-workers-svc .yaml index 63ff3e0..a452bf4 100644 --- a/charts/wazuh/templates/manager/wazuh-workers-svc .yaml +++ b/charts/wazuh/templates/manager/wazuh-workers-svc .yaml @@ -5,12 +5,8 @@ metadata: labels: app: {{ include "wazuh.fullname" . }}-manager {{- include "wazuh.labels" . | nindent 4 }} - {{- with .Values.manager.workers.service.annotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} spec: - type: {{ .Values.manager.workers.service.type }} + type: ClusterIP ports: - port: 1514 targetPort: 1514 
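Review bot: The new combined Service selects on `app: {{ include "wazuh.fullname" . }}-manager` plus `wazuh.selectorLabels`, which is the shared manager label set, so registration (1515) and API (55000) traffic presumably reaches worker pods as well as the master; in the upstream Wazuh Kubernetes reference those two ports are served by the master only and 1514 is what gets spread across workers. Confirm that the worker StatefulSet is meant to answer enrollment and API requests, or keep 1515/55000 on the master-only service and expose just 1514 here. The file also lacks a trailing newline (`\ No newline at end of file`).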
From f61df78fd06f3b7df7dab37395f16ff10106bdc4 Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Wed, 24 Jul 2024 12:21:38 +0300 Subject: [PATCH 13/20] refactor(wazuh): update values file --- charts/wazuh/values.yaml | 95 +++++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 44 deletions(-) diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml index 81fbf35..2a14d49 100644 --- a/charts/wazuh/values.yaml +++ b/charts/wazuh/values.yaml @@ -6,6 +6,17 @@ global: indexerUrl: "https://wazuh-indexer:9200" wazuhApiUrl: "https://wazuh-master" +## **IMPORTANT** +## ** Choose the release name as "wazuh" for easier time ** +## If the name of the release is not "wazuh" it will break the manager configuration +## So you need to provide your own wazuh-manager configuration +## With the updated wazuh manager nodes in the cluster section in the [master.conf,worker.conf] files +## example: {release-name}-manager-master-0.{release-name}-cluster +## and the cluster name should be the same as the {release-name} +## go to the manager.config section in the values file to see how you can add your own configuration files +nameOverride: "" +fullnameOverride: "" + tls: # If enabled you either need to provide a secrete name containing specific keys as certs or enable the creation of certifications if # your cluster supports issuing certificates. 
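Review bot: The new IMPORTANT note says a release name other than "wazuh" breaks only the manager configuration, but the two `global` values directly above it, `indexerUrl: "https://wazuh-indexer:9200"` and `wazuhApiUrl: "https://wazuh-master"`, hard-code the same release-derived service names and need overriding too. Add them to the note, e.g. `## also set global.indexerUrl and global.wazuhApiUrl to the renamed services`. The note would also read more clearly as one tight paragraph: fold the `** Choose the release name ... **` line and the `[master.conf,worker.conf]` aside into a single sentence describing what must change and where.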
@@ -21,29 +32,30 @@ tls: duration: 2160h # 90d renewBefore: 360h # 15d issuer: - name: "selfsigned-josa" + name: "your-issuer" # We can reference ClusterIssuers by changing the kind here. # The default value is Issuer (i.e. a locally namespaced Issuer) kind: "ClusterIssuer" # The use of the common name field has been deprecated since 2000 and is # discouraged from being used. - commonName: test.josa.dev + commonName: wazuh.example.com # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required. dnsNames: - - test.josa.dev - - www.test.josa.dev - ## CA certificate secret name that can be downloaded from https://letsencrypt.org/certificates/, the key name should be ca.crt in the secret file. - caCrtSecretName: "letsencrypt-ca" + - wazuh.example.com + - www.wazuh.example.com + ## CA certificate secret name, the key name should be ca.crt in the secret file. + ## By default it will take the CA from the indexer node cert secret + caCrtSecretName: "node-tls" indexer: image: repository: wazuh/wazuh-indexer pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "4.7.4" + tag: "4.8.1" config: - sslEnabled: false + sslEnabled: true # The name of the configmap that includes the custom indexer config # Must have the following key "opensearch.yml" indexerCustomConfig: "" @@ -115,7 +127,7 @@ manager: repository: wazuh/wazuh-manager pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "4.7.4" + tag: "4.8.1" imagePullSecrets: [] 
@@ -135,14 +147,14 @@ manager: # do not change unless you changed the passwords and the usernames # using the indexerInternalUsersSecretName in the indexer section indexerUsername: "admin" - indexerPassword: "SecretPassword" + indexerPassword: "SecretPassword" #gitleaks:allow # ------------------- wazuhApiUsername: "wazuh" # Note The password for Wazuh API users must be between 8 and 64 characters long. # It must contain at least one uppercase and one lowercase letter, a number, and a symbol. - wazuhApiPassword: "Pho8OH1voo6eew@ahVui4Ahghu6leith" - wazuhClusterKey: "123a45bc67def891gh23i45jk67l8mn9" - wazuhAuthDPass: "password" + wazuhApiPassword: "Pho8OH1voo6eew@ahVui4Ahghu6leith" #gitleaks:allow + wazuhClusterKey: "123a45bc67def891gh23i45jk67l8mn9" #gitleaks:allow + wazuhAuthDPass: "password" #gitleaks:allow # The secret must have the following keys # INDEXER_USERNAME, INDEXER_PASSWORD # API_USERNAME, API_PASSWORD @@ -150,11 +162,13 @@ manager: # authd.pass existingSecretName: "" - master: - service: - type: ClusterIP - annotations: {} + ## The manager service that is going to be responsible for the agent registration + ## and the agent events + service: + type: LoadBalancer + annotations: {} + master: podSecurityContext: fsGroup: 101 # fsGroup: 2000 @@ -212,10 +226,6 @@ manager: workers: replicaCount: 1 - service: - type: ClusterIP - annotations: {} - podSecurityContext: fsGroup: 101 # fsGroup: 2000 @@ -277,10 +287,10 @@ dashboard: repository: wazuh/wazuh-dashboard pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "4.7.4" + tag: "4.8.1" config: - ServerSSL: false + ServerSSL: true # ---------------- # The configmap name that includes the dashboard custom config file # Must have the key 'opensearch_dashboards.yml' 
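Review bot: The `#gitleaks:allow` markers on `indexerPassword`, `wazuhApiPassword`, `wazuhClusterKey` and `wazuhAuthDPass` silence the scanner but leave working default credentials and a default cluster key in the chart, so any install that neither sets `existingSecretName` nor overrides them runs with values published in this repository; the `dashboardPassword` hunk of this same commit does the same. Rather than suppressing the finding, make the defaults unusable: ship empty strings and fail rendering in the secret template when a value is empty and `existingSecretName` is unset, e.g. `{{ required "manager.config.secrets.wazuhApiPassword must be set" .Values.manager.config.secrets.wazuhApiPassword }}`. If sample values must stay, replace the suppression with a comment that says they are placeholders to be overridden before any deployment.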
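Review bot: `manager.service.type: LoadBalancer` becomes the default for the combined manager service introduced in the previous commit, which publishes the Wazuh API (55000) and enrollment (1515) on an external address out of the box, protected only by the default API credentials a few lines above in this same file. Default to `ClusterIP` and let operators opt in, or at minimum document the exposure above the key: `# LoadBalancer publishes 1514/1515/55000 externally; restrict with loadBalancerSourceRanges or use ClusterIP behind your own gateway`.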
@@ -293,12 +303,29 @@ dashboard: # do not change unless you changed the passwords and the usernames # using the indexerInternalUsersSecretName in the indexer section dashboardUsername: "kibanaserver" - dashboardPassword: "kibanaserver" + dashboardPassword: "kibanaserver" #gitleaks:allow # ------------------- # The secret must have the following keys # DASHBOARD_USERNAME, DASHBOARD_PASSWORD existingSecretName: "" + ingress: + enabled: false + className: nginx + annotations: + {} + # cert-manager.io/cluster-issuer: letsencrypt + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: + [] + # - secretName: chart-example.local-tls + # hosts: + # - chart-example.local + imagePullSecrets: [] podAnnotations: {} @@ -370,26 +397,6 @@ dashboard: type: ClusterIP port: 5601 - ingress: - enabled: false - className: "" - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -nameOverride: "" -fullnameOverride: "" - serviceAccount: # Specifies whether a service account should be created create: true From 5273db79458e2c33a167e40fab7fc9357dccaa4b Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Thu, 25 Jul 2024 12:02:16 +0300 Subject: [PATCH 14/20] docs(wazuh): fix wrong description for the wazuh-manager secrets section --- charts/wazuh/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml index 2a14d49..4a3643b 100644 --- a/charts/wazuh/values.yaml +++ b/charts/wazuh/values.yaml 
@@ -143,7 +143,7 @@ manager: # If you provide an existing secret name those values will be ignored # ------------------- # - # WARN: Those are the default indexer credentials for the wazuh-ui 'dashboard', + # WARN: Those are the default indexer credentials for the wazuh-manager, # do not change unless you changed the passwords and the usernames # using the indexerInternalUsersSecretName in the indexer section indexerUsername: "admin" From 7fcd3fb28bf7a098ac6dcf28bd11ab5f5c6dcefa Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Thu, 25 Jul 2024 12:05:37 +0300 Subject: [PATCH 15/20] refactor(wazuh): move the services config files to a folder named configs --- .../{ => configs}/dashboard_conf/opensearch_dashboards.yml | 0 charts/wazuh/{ => configs}/indexer_conf/internal_users.yml | 0 charts/wazuh/{ => configs}/indexer_conf/opensearch.yml | 0 charts/wazuh/{ => configs}/wazuh_conf/master.conf | 0 charts/wazuh/{ => configs}/wazuh_conf/worker.conf | 0 charts/wazuh/templates/dashboard/dashboard-configmap.yaml | 2 +- charts/wazuh/templates/indexer/indexer-configmap.yaml | 2 +- charts/wazuh/templates/indexer/indexer-users-secret.yaml | 2 +- charts/wazuh/templates/manager/wazuh-configmap.yaml | 2 +- 9 files changed, 4 insertions(+), 4 deletions(-) rename charts/wazuh/{ => configs}/dashboard_conf/opensearch_dashboards.yml (100%) rename charts/wazuh/{ => configs}/indexer_conf/internal_users.yml (100%) rename charts/wazuh/{ => configs}/indexer_conf/opensearch.yml (100%) rename charts/wazuh/{ => configs}/wazuh_conf/master.conf (100%) rename charts/wazuh/{ => configs}/wazuh_conf/worker.conf (100%) diff --git a/charts/wazuh/dashboard_conf/opensearch_dashboards.yml b/charts/wazuh/configs/dashboard_conf/opensearch_dashboards.yml similarity index 100% rename from charts/wazuh/dashboard_conf/opensearch_dashboards.yml rename to charts/wazuh/configs/dashboard_conf/opensearch_dashboards.yml 
diff --git a/charts/wazuh/indexer_conf/internal_users.yml b/charts/wazuh/configs/indexer_conf/internal_users.yml similarity index 100% rename from charts/wazuh/indexer_conf/internal_users.yml rename to charts/wazuh/configs/indexer_conf/internal_users.yml diff --git a/charts/wazuh/indexer_conf/opensearch.yml b/charts/wazuh/configs/indexer_conf/opensearch.yml similarity index 100% rename from charts/wazuh/indexer_conf/opensearch.yml rename to charts/wazuh/configs/indexer_conf/opensearch.yml diff --git a/charts/wazuh/wazuh_conf/master.conf b/charts/wazuh/configs/wazuh_conf/master.conf similarity index 100% rename from charts/wazuh/wazuh_conf/master.conf rename to charts/wazuh/configs/wazuh_conf/master.conf diff --git a/charts/wazuh/wazuh_conf/worker.conf b/charts/wazuh/configs/wazuh_conf/worker.conf similarity index 100% rename from charts/wazuh/wazuh_conf/worker.conf rename to charts/wazuh/configs/wazuh_conf/worker.conf diff --git a/charts/wazuh/templates/dashboard/dashboard-configmap.yaml b/charts/wazuh/templates/dashboard/dashboard-configmap.yaml index 4329d98..1b7847f 100644 --- a/charts/wazuh/templates/dashboard/dashboard-configmap.yaml +++ b/charts/wazuh/templates/dashboard/dashboard-configmap.yaml @@ -4,5 +4,5 @@ apiVersion: v1 metadata: name: {{ include "wazuh.fullname" . }}-dashboard-config data: -{{ (.Files.Glob "dashboard_conf/*").AsConfig | indent 2 }} +{{ (.Files.Glob "configs/dashboard_conf/*").AsConfig | indent 2 }} {{- end }} diff --git a/charts/wazuh/templates/indexer/indexer-configmap.yaml b/charts/wazuh/templates/indexer/indexer-configmap.yaml index 303314d..4ca504e 100644 --- a/charts/wazuh/templates/indexer/indexer-configmap.yaml +++ b/charts/wazuh/templates/indexer/indexer-configmap.yaml @@ -4,5 +4,5 @@ apiVersion: v1 metadata: name: {{ include "wazuh.fullname" . }}-indexer-config data: -{{ (.Files.Glob "indexer_conf/opensearch.yml").AsConfig | indent 2 }} +{{ (.Files.Glob "configs/indexer_conf/opensearch.yml").AsConfig | indent 2 }} {{- end }} 
diff --git a/charts/wazuh/templates/indexer/indexer-users-secret.yaml b/charts/wazuh/templates/indexer/indexer-users-secret.yaml index 8f7d529..7282fd1 100644 --- a/charts/wazuh/templates/indexer/indexer-users-secret.yaml +++ b/charts/wazuh/templates/indexer/indexer-users-secret.yaml @@ -5,5 +5,5 @@ metadata: name: {{ include "wazuh.fullname" . }}-indexer-users type: Opaque data: -{{ (.Files.Glob "indexer_conf/internal_users.yml").AsSecrets | indent 2 }} +{{ (.Files.Glob "configs/indexer_conf/internal_users.yml").AsSecrets | indent 2 }} {{- end }} diff --git a/charts/wazuh/templates/manager/wazuh-configmap.yaml b/charts/wazuh/templates/manager/wazuh-configmap.yaml index 6d60dd9..1b6a49c 100644 --- a/charts/wazuh/templates/manager/wazuh-configmap.yaml +++ b/charts/wazuh/templates/manager/wazuh-configmap.yaml @@ -4,5 +4,5 @@ apiVersion: v1 metadata: name: {{ include "wazuh.fullname" . }}-manager-config data: -{{ (.Files.Glob "wazuh_conf/*").AsConfig | indent 2 }} +{{ (.Files.Glob "configs/wazuh_conf/*").AsConfig | indent 2 }} {{- end }} From 1e27b7d7559746af4d450980b034c0239a12faa8 Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Thu, 25 Jul 2024 12:08:11 +0300 Subject: [PATCH 16/20] refactor(wazuh): move the filebeat-cert template file to the manager folder --- .../templates/{certificates => manager}/filebeat-certificate.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename charts/wazuh/templates/{certificates => manager}/filebeat-certificate.yaml (100%) diff --git a/charts/wazuh/templates/certificates/filebeat-certificate.yaml b/charts/wazuh/templates/manager/filebeat-certificate.yaml similarity index 100% rename from charts/wazuh/templates/certificates/filebeat-certificate.yaml rename to charts/wazuh/templates/manager/filebeat-certificate.yaml From 2c945f71687f1296d0bbd3be8375971d98e51ef4 Mon Sep 17 00:00:00 2001 
From: Mohamad Berjawi Date: Thu, 25 Jul 2024 12:18:41 +0300 Subject: [PATCH 17/20] refactor(wazuh): make stable chart version 1.0.0 --- charts/wazuh/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wazuh/Chart.yaml b/charts/wazuh/Chart.yaml index 7da7024..49a053c 100644 --- a/charts/wazuh/Chart.yaml +++ b/charts/wazuh/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From b04ea122c39b2de0b164493334252928489dce96 Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Thu, 25 Jul 2024 13:53:48 +0300 Subject: [PATCH 18/20] docs(wazuh): generate README.md for the chart values --- charts/wazuh/README.md | 138 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 charts/wazuh/README.md diff --git a/charts/wazuh/README.md b/charts/wazuh/README.md new file mode 100644 index 0000000..0dac086 --- /dev/null +++ b/charts/wazuh/README.md 
@@ -0,0 +1,138 @@ +# wazuh + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.8.1](https://img.shields.io/badge/AppVersion-4.8.1-informational?style=flat-square) + +A Helm chart for Wazuh the open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| dashboard.affinity | object | `{}` | | +| dashboard.config.ServerSSL | bool | `true` | | +| dashboard.config.dashboardCustomConfig | string | `""` | -------------- The configmap name that includes the dashboard custom config file Must have the key 'opensearch_dashboards.yml' | +| dashboard.config.secrets.dashboardPassword | string | `"kibanaserver"` | | +| dashboard.config.secrets.dashboardUsername | string | `"kibanaserver"` | ----------------- WARN: Those are the default indexer dashboard credentials, do not change unless you changed the passwords and the usernames using the indexerInternalUsersSecretName in the indexer section | +| dashboard.config.secrets.existingSecretName | string | `""` | ----------------- The secret must have the following keys DASHBOARD_USERNAME, DASHBOARD_PASSWORD | +| dashboard.image.pullPolicy | string | `"IfNotPresent"` | | +| dashboard.image.repository | string | `"wazuh/wazuh-dashboard"` | | +| dashboard.image.tag | string | `"4.8.1"` | | +| dashboard.imagePullSecrets | list | `[]` | | +| dashboard.ingress.annotations | object | `{}` | | +| dashboard.ingress.className | string | `"nginx"` | | +| dashboard.ingress.enabled | bool | `false` | | +| dashboard.ingress.hosts[0].host | string | `"chart-example.local"` | | +| dashboard.ingress.hosts[0].paths[0].path | string | `"/"` | | +| dashboard.ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| dashboard.ingress.tls 
| list | `[]` | | +| dashboard.livenessProbe.failureThreshold | int | `3` | | +| dashboard.livenessProbe.httpGet.path | string | `"/"` | | +| dashboard.livenessProbe.httpGet.port | string | `"dashboard"` | | +| dashboard.livenessProbe.initialDelaySeconds | int | `60` | | +| dashboard.livenessProbe.periodSeconds | int | `10` | | +| dashboard.livenessProbe.successThreshold | int | `1` | | +| dashboard.livenessProbe.timeoutSeconds | int | `5` | | +| dashboard.nodeSelector | object | `{}` | | +| dashboard.podAnnotations | object | `{}` | | +| dashboard.podLabels | object | `{}` | | +| dashboard.podSecurityContext | object | `{}` | | +| dashboard.readinessProbe.failureThreshold | int | `3` | | +| dashboard.readinessProbe.httpGet.path | string | `"/"` | | +| dashboard.readinessProbe.httpGet.port | string | `"dashboard"` | | +| dashboard.readinessProbe.initialDelaySeconds | int | `60` | | +| dashboard.readinessProbe.periodSeconds | int | `10` | | +| dashboard.readinessProbe.successThreshold | int | `1` | | +| dashboard.readinessProbe.timeoutSeconds | int | `5` | | +| dashboard.replicaCount | int | `1` | | +| dashboard.resources | object | `{}` | | +| dashboard.securityContext | object | `{}` | | +| dashboard.service.port | int | `5601` | | +| dashboard.service.type | string | `"ClusterIP"` | | +| dashboard.tolerations | list | `[]` | | +| dashboard.volumeMounts | list | `[]` | | +| dashboard.volumes | list | `[]` | | +| fullnameOverride | string | `""` | | +| global.indexerUrl | string | `"https://wazuh-indexer:9200"` | | +| global.wazuhApiUrl | string | `"https://wazuh-master"` | | +| indexer.affinity | object | `{}` | | +| indexer.config.indexerCustomConfig | string | `""` | | +| indexer.config.indexerInternalUsersSecretName | string | `""` | | +| indexer.config.sslEnabled | bool | `true` | | +| indexer.image.pullPolicy | string | `"IfNotPresent"` | | +| indexer.image.repository | string | `"wazuh/wazuh-indexer"` | | +| indexer.image.tag | string | `"4.8.1"` | | +| 
indexer.imagePullSecrets | list | `[]` | | +| indexer.nodeSelector | object | `{}` | | +| indexer.podAnnotations | object | `{}` | | +| indexer.podLabels | object | `{}` | | +| indexer.podSecurityContext | object | `{}` | | +| indexer.replicaCount | int | `1` | | +| indexer.resources | object | `{}` | | +| indexer.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | | +| indexer.storage.existingClaim | string | `""` | | +| indexer.storage.size | string | `"1Gi"` | | +| indexer.storage.storageClassName | string | `""` | | +| indexer.tolerations | list | `[]` | | +| indexer.volumeMounts | list | `[]` | | +| indexer.volumes | list | `[]` | | +| manager.config.customManagerConfig | string | `""` | | +| manager.config.filebeatSSLVerificationMode | string | `"none"` | | +| manager.config.secrets.existingSecretName | string | `""` | | +| manager.config.secrets.indexerPassword | string | `"SecretPassword"` | | +| manager.config.secrets.indexerUsername | string | `"admin"` | ----------------- WARN: Those are the default indexer credentials for the wazuh-manager, do not change unless you changed the passwords and the usernames using the indexerInternalUsersSecretName in the indexer section | +| manager.config.secrets.wazuhApiPassword | string | `"Pho8OH1voo6eew@ahVui4Ahghu6leith"` | | +| manager.config.secrets.wazuhApiUsername | string | `"wazuh"` | ----------------- | +| manager.config.secrets.wazuhAuthDPass | string | `"password"` | | +| manager.config.secrets.wazuhClusterKey | string | `"123a45bc67def891gh23i45jk67l8mn9"` | | +| manager.image.pullPolicy | string | `"IfNotPresent"` | | +| manager.image.repository | string | `"wazuh/wazuh-manager"` | | +| manager.image.tag | string | `"4.8.1"` | | +| manager.imagePullSecrets | list | `[]` | | +| manager.master.affinity | object | `{}` | | +| manager.master.nodeSelector | object | `{}` | | +| manager.master.podAnnotations | object | `{}` | | +| manager.master.podLabels | object | `{}` | | +| 
manager.master.podSecurityContext.fsGroup | int | `101` | | +| manager.master.resources | object | `{}` | | +| manager.master.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | | +| manager.master.storage.existingClaim | string | `""` | | +| manager.master.storage.size | string | `"1Gi"` | | +| manager.master.storage.storageClassName | string | `""` | | +| manager.master.tolerations | list | `[]` | | +| manager.master.volumeMounts | list | `[]` | | +| manager.master.volumes | list | `[]` | | +| manager.service.annotations | object | `{}` | | +| manager.service.type | string | `"LoadBalancer"` | | +| manager.workers.affinity | object | `{}` | | +| manager.workers.nodeSelector | object | `{}` | | +| manager.workers.podAnnotations | object | `{}` | | +| manager.workers.podLabels | object | `{}` | | +| manager.workers.podSecurityContext.fsGroup | int | `101` | | +| manager.workers.replicaCount | int | `1` | | +| manager.workers.resources | object | `{}` | | +| manager.workers.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | | +| manager.workers.storage.existingClaim | string | `""` | | +| manager.workers.storage.size | string | `"1Gi"` | | +| manager.workers.storage.storageClassName | string | `""` | | +| manager.workers.tolerations | list | `[]` | | +| manager.workers.volumeMounts | list | `[]` | | +| manager.workers.volumes | list | `[]` | | +| nameOverride | string | `""` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automount | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tls.certManager.caCrtSecretName | string | `"node-tls"` | | +| tls.certManager.commonName | string | `"wazuh.example.com"` | | +| tls.certManager.dnsNames[0] | string | `"wazuh.example.com"` | | +| tls.certManager.dnsNames[1] | string | `"www.wazuh.example.com"` | | +| tls.certManager.duration | string | `"2160h"` | | +| tls.certManager.enabled | bool | `true` | | +| 
tls.certManager.issuer.kind | string | `"ClusterIssuer"` | | +| tls.certManager.issuer.name | string | `"your-issuer"` | | +| tls.certManager.renewBefore | string | `"360h"` | | +| tls.enabled | bool | `true` | | +| tls.secretName | string | `""` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) From 7d4fa7948aef5e04885bdd93d17d3ca7852a055c Mon Sep 17 00:00:00 2001 From: Mohamad Berjawi Date: Tue, 30 Jul 2024 13:51:15 +0300 Subject: [PATCH 19/20] docs(wazuh): add important note for the indexer internal users config --- charts/wazuh/values.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml index 4a3643b..3a179de 100644 --- a/charts/wazuh/values.yaml +++ b/charts/wazuh/values.yaml @@ -59,6 +59,13 @@ indexer: # The name of the configmap that includes the custom indexer config # Must have the following key "opensearch.yml" indexerCustomConfig: "" + # **IMPORTANT** Do not change the usernames unless you know what you are doing + # * as the usernames are reserved and used in many config files across the stack + # * Make sure to not use the default passwords for production, + # * make sure to provide your own internal_users.yml and update the passwords for the admin and the kibanaserver users + # * example internal_users.yml file https://github.com/jordanopensource/charts/tree/main/charts/wazuh/configs/indexer_conf/internal_users.yml + # * reflect the new passwords in the manager.config.secrets.indexerPassword + # * and reflect the changes for the dashboard "kibanaserver password" in the dashboard section # Custom indexer internal_users.yml file secretname # usernames and passwords hashes are in this file # Must have the key "internal_users.yml" From dc414ce8335e074aac0fd6020131570a5128a081 Mon Sep 17 00:00:00 2001 
From: Mohamad Berjawi Date: Tue, 30 Jul 2024 14:01:17 +0300 Subject: [PATCH 20/20] refactor(wazuh): remove the unused and demo users for the indexer --- .../configs/indexer_conf/internal_users.yml | 39 ++----------------- 1 file changed, 3 insertions(+), 36 deletions(-) diff --git a/charts/wazuh/configs/indexer_conf/internal_users.yml b/charts/wazuh/configs/indexer_conf/internal_users.yml index d9f05b3..5a01d60 100644 --- a/charts/wazuh/configs/indexer_conf/internal_users.yml +++ b/charts/wazuh/configs/indexer_conf/internal_users.yml @@ -14,43 +14,10 @@ admin: hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO" reserved: true backend_roles: - - "admin" - description: "Demo admin user" + - "admin" + description: "Opensearch administrator used by the manager" kibanaserver: hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." reserved: true - description: "Demo kibanaserver user" - -kibanaro: - hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" - reserved: false - backend_roles: - - "kibanauser" - - "readall" - attributes: - attribute1: "value1" - attribute2: "value2" - attribute3: "value3" - description: "Demo kibanaro user" - -logstash: - hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" - reserved: false - backend_roles: - - "logstash" - description: "Demo logstash user" - -readall: - hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" - reserved: false - backend_roles: - - "readall" - description: "Demo readall user" - -snapshotrestore: - hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" - reserved: false - backend_roles: - - "snapshotrestore" - description: "Demo snapshotrestore user" + description: "the kibanaserver user for the dashboard"
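Review bot: The two users that remain, `admin` and `kibanaserver`, are both `reserved: true`, which prevents changing them through the OpenSearch security API, so the only rotation path is a replacement file via `indexer.config.indexerInternalUsersSecretName`; the bundled hashes appear to be the upstream demo hashes (the removed descriptions called these "Demo" users), and the rewritten descriptions no longer say so. Put that fact where a reader of this file will see it, e.g. above `kibanaserver:` or in the header above this hunk: `# Default hashes from the upstream sample — override this file via indexer.config.indexerInternalUsersSecretName before exposing the indexer`. The description `"the kibanaserver user for the dashboard"` could also be capitalized to match the `admin` entry.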