Currently, Wazuh utilizes an .sh-based approach for managing certificates. While functional, this method presents certain challenges, including manual rotation and limited support for modern Kubernetes environments which are based on the GitOps approach.
To address these challenges, I propose to use cert-manager for managing the certificates in the Wazuh deployment. cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It will enable us to automate the certificate management process and make it more secure and maintainable.
Please consider the following pros of the proposed solution:
Industry standard: cert-manager is a de facto standard for managing certificates in Kubernetes, thus we can assume that it's already present in most Kubernetes clusters.
Security: It's a well-known and well-maintained solution, which makes it possible to rely on it without worrying about significant security issues.
Ease of Use: cert-manager implements a solid and easy-to-use API for certificate management.
Certificate Automation: cert-manager enables us to forget about manual certificate rotation, which improves overall solution maintainability.
GitOps Eligible: Using cert-manager enables us to use the GitOps approach; we can store the cert-manager resources in the GitOps repository and apply them to the cluster using ArgoCD or FluxCD without exposing any sensitive data in a git repo.
Please let me know if you have any questions or concerns about the proposed solution.
I'd be happy to help you with the implementation of the proposed solution and provide a pull request with the changes.
Best regards,
George
/ The Cozystack Development Team /
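An added example (not part of the original issue, and not Wazuh's or Cozystack's own manifests) of the kind of cert-manager resources the proposal describes: a private CA plus a node certificate that cert-manager renews on its own. All resource names, the `wazuh` namespace, the DNS name and the lifetimes are assumptions; only these definitions would live in git, while the private keys are generated in-cluster and written to the named Secrets.

```yaml
# Assumed names and namespace throughout; adapt to the real deployment.
# 1. Bootstrap issuer, used only to sign the private root CA below.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: wazuh-selfsigned
  namespace: wazuh
spec:
  selfSigned: {}
---
# 2. Root CA; its key pair is stored in the Secret "wazuh-root-ca", never in git.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wazuh-root-ca
  namespace: wazuh
spec:
  isCA: true
  commonName: wazuh-root-ca
  secretName: wazuh-root-ca
  duration: 87600h            # 10 years (constructed value)
  issuerRef: {name: wazuh-selfsigned, kind: Issuer}
---
# 3. Issuer that signs workload certificates with the root CA.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: wazuh-ca
  namespace: wazuh
spec:
  ca:
    secretName: wazuh-root-ca
---
# 4. Node certificate, renewed automatically 15 days before expiry.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wazuh-indexer-node
  namespace: wazuh
spec:
  secretName: wazuh-indexer-node-tls
  duration: 2160h             # 90 days (constructed value)
  renewBefore: 360h
  privateKey:
    rotationPolicy: Always    # new key on every renewal
  dnsNames:
    - wazuh-indexer.wazuh.svc # assumed Service DNS name
  usages: [server auth, client auth]
  issuerRef: {name: wazuh-ca, kind: Issuer}
```

Workloads mounting `wazuh-indexer-node-tls` still have to reload the files after a renewal; cert-manager updates the Secret but does not restart pods.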