how to change namespace from other than wazuh

[ghalib9001]

Hello,
We are trying to deploy this in kubernetes in a devn and production environment and we need to isolate it based on the namespace. Is there a way for us to use custom namespace with this? something like wazuh-dev, wazuh-prod?
We tried changing the namespace but when we did, the agents would not connect for some reason. they would show up in the dashboard but would never go past the "never connected" stage
Thanks.

[Thorgrym]

Is the agent connecting properly when you don't change the namespace ?
If not the problem could be this : #547

[ghalib9001]

yes the agents are connecting fine when we set the namespace to wazuh. btw we're using wazuh 4.7.2 for the server and the agents

[crlsgms]

I managed to change the namespace creating it first on kubernetes (Im using rancher + longhorn + rke)

the main reference is the wazuh/base/wazuh-ns.yaml file:
apiVersion: v1 kind: Namespace metadata: name: change-to-the-already-created-namespace

and a rough sed, probably not the best way, but works for now:
go to the root wazuh-kubernetes folder and run

grep -r "namespace: wazuh" | cut -d: -f1 | xargs sed -i 's/namespace: wazuh/namespace: change-to-the-already-created-namespace/g'

[crlsgms]

Please ignore my suggestion, as it will replace the namespace globally and that will break some other services.

The correct goal was to on the main kustomization.yaml be set and globally be pushed to all deployments on the overlays (eks / local-env)

it actually works on deployment, but it breaks communication between the worker nodes and each other if the namespace is not wazuh overall.

I'm trying to compare here and debug what is the difference on a custom namespace and wazuh namespace, as when I try to register agents it will only work if the deployment was done to wazuh namespace.

[crlsgms]

update on my lab testing, for example I have two namespaces, dummyclient and wazuh.

I used the default wazuh-kubernetes-4.8.0 kustomize default packages, only change I did was on the root kustomize.yaml and changed the namespace from wazuh to dummyclient.

doing this the deployment works fine, dashboard works, filebeat also, but the workers cannot connect to the cluster manager

[crlsgms]

the issue can be solved adding the new namespace on the ossec.conf files, as its hardcoded the expected pod hostname:

<cluster>
    <name>wazuh</name>
    <node_name>wazuh-manager-master</node_name>
    <node_type>master</node_type>
    <key>to_be_replaced_by_cluster_key</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>wazuh-manager-master-0.wazuh-cluster.wazuh</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>

kubernetes default dns host format is as follows:
service-name>.<namespace>.<cluster-name>:<service-port>

so the namespace must follow the one with the kustomize deployment

[davidjiglesias]

We are redesigning our Kubernetes deployment for 5.0.0.