diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..9af3a007
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+wazuh/certs/dashboard_http/*.pem
+wazuh/certs/dashboard_http/*.key
+wazuh/certs/indexer_cluster/*.pem
+wazuh/certs/indexer_cluster/*.key
+wazuh/certs/indexer_cluster/*.csr
+wazuh/certs/indexer_cluster/*.slr
+wazuh-eks/certs/dashboard_http/*.pem
+wazuh-eks/certs/dashboard_http/*.key
+wazuh-eks/certs/indexer_cluster/*.pem
+wazuh-eks/certs/indexer_cluster/*.key
+wazuh-eks/certs/indexer_cluster/*.csr
+wazuh-eks/certs/indexer_cluster/*.slr
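Review bot: The `*.slr` patterns on the two `indexer_cluster` entries look like a transposition of `.srl`. `wazuh-eks/certs/indexer_cluster/generate_certs.sh` in this commit runs `openssl x509 ... -CAcreateserial`, which writes the serial file as `root-ca.srl`, so that file is not matched and will show up as untracked next to the keys. Suggest `wazuh-eks/certs/indexer_cluster/*.srl`, and the same change for the `wazuh/` path.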
diff --git a/envs/eks-nlb/dashboard-resources.yaml b/envs/eks-nlb/dashboard-resources.yaml
new file mode 100644
index 00000000..afff95ae
--- /dev/null
+++ b/envs/eks-nlb/dashboard-resources.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wazuh-dashboard
+ namespace: wazuh
+spec:
+ template:
+ spec:
+ containers:
+ - name: wazuh-dashboard
+ resources:
+ requests:
+ cpu: 200m
+ memory: 512Mi
+ limits:
+ cpu: 400m
+ memory: 2Gi
diff --git a/envs/eks-nlb/indexer-resources.yaml b/envs/eks-nlb/indexer-resources.yaml
new file mode 100644
index 00000000..85ee2fde
--- /dev/null
+++ b/envs/eks-nlb/indexer-resources.yaml
@@ -0,0 +1,35 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-indexer
+ namespace: wazuh
+spec:
+ template:
+ spec:
+ containers:
+ - name: wazuh-indexer
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ limits:
+ cpu: 1
+ memory: 2Gi
+ volumeClaimTemplates:
+ - metadata:
+ name: wazuh-indexer
+ namespace: indexer-cluster
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: wazuh-storage
+ resources:
+ requests:
+ storage: 10Gi
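Review bot: The `volumeClaimTemplates` entry sets `namespace: indexer-cluster` while the StatefulSet itself is in `namespace: wazuh`; the same mismatch is in `wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml`. PVCs created from a template live in the StatefulSet's namespace, so the field is at best ignored and at worst misleads anyone auditing where the indexer data lives. Suggest dropping the line or making it `namespace: wazuh`, as the manager patches in this directory do.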
diff --git a/envs/eks-nlb/kustomization.yml b/envs/eks-nlb/kustomization.yml
new file mode 100644
index 00000000..552338cd
--- /dev/null
+++ b/envs/eks-nlb/kustomization.yml
@@ -0,0 +1,17 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../wazuh-eks
+patches:
+- path: storage-class.yaml
+- path: indexer-resources.yaml
+- path: dashboard-resources.yaml
+- path: wazuh-master-resources.yaml
+- path: wazuh-worker-resources.yaml
diff --git a/envs/eks-nlb/storage-class.yaml b/envs/eks-nlb/storage-class.yaml
new file mode 100644
index 00000000..48422819
--- /dev/null
+++ b/envs/eks-nlb/storage-class.yaml
@@ -0,0 +1,19 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh StorageClass
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: wazuh-storage
+provisioner: kubernetes.io/aws-ebs
+parameters:
+ encrypted: 'true'
+ type: gp2
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: Retain # Useful in case you delete the PersistentVolumeClaim
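Review bot: `reclaimPolicy: Retain` means the EBS volumes holding indexer and manager data stay behind after their PersistentVolumeClaims are deleted, and the inline comment does not say who cleans them up. Suggest spelling out the consequence, e.g. `# Volumes outlive the PVC; delete retained PVs and EBS volumes manually when decommissioning`. `encrypted: 'true'` with no `kmsKeyId` presumably falls back to the account's default EBS key, which is worth confirming for volumes that hold security telemetry. `kubernetes.io/aws-ebs` is the in-tree provisioner, so on current EKS versions provisioning depends on the EBS CSI driver (`ebs.csi.aws.com`) being installed.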
diff --git a/envs/eks-nlb/wazuh-master-resources.yaml b/envs/eks-nlb/wazuh-master-resources.yaml
new file mode 100644
index 00000000..54ac774f
--- /dev/null
+++ b/envs/eks-nlb/wazuh-master-resources.yaml
@@ -0,0 +1,35 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-manager-master
+ namespace: wazuh
+spec:
+ template:
+ spec:
+ containers:
+ - name: wazuh-manager
+ resources:
+ requests:
+ cpu: 1
+ memory: 1Gi
+ limits:
+ cpu: 2
+ memory: 2Gi
+ volumeClaimTemplates:
+ - metadata:
+ name: wazuh-manager-master
+ namespace: wazuh
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: wazuh-storage
+ resources:
+ requests:
+ storage: 50Gi
diff --git a/envs/eks-nlb/wazuh-worker-resources.yaml b/envs/eks-nlb/wazuh-worker-resources.yaml
new file mode 100644
index 00000000..668c3ff5
--- /dev/null
+++ b/envs/eks-nlb/wazuh-worker-resources.yaml
@@ -0,0 +1,35 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-manager-worker
+ namespace: wazuh
+spec:
+ template:
+ spec:
+ containers:
+ - name: wazuh-manager
+ resources:
+ requests:
+ cpu: 1
+ memory: 1Gi
+ limits:
+ cpu: 2
+ memory: 2Gi
+ volumeClaimTemplates:
+ - metadata:
+ name: wazuh-manager-worker
+ namespace: wazuh
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: wazuh-storage
+ resources:
+ requests:
+ storage: 50Gi
diff --git a/wazuh-eks/base/storage-class.yaml b/wazuh-eks/base/storage-class.yaml
new file mode 100644
index 00000000..9f675b0b
--- /dev/null
+++ b/wazuh-eks/base/storage-class.yaml
@@ -0,0 +1,14 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh StorageClass
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: wazuh-storage
+# provisioner: k8s.io/minikube-hostpath
\ No newline at end of file
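Review bot: This StorageClass has no `provisioner` (the only candidate line is commented out), and `provisioner` is a required field, so the base is only valid once an overlay such as `envs/eks-nlb/storage-class.yaml` patches it in. A comment saying so, e.g. `# provisioner is supplied by the environment overlay (see envs/eks-nlb/storage-class.yaml)`, would stop someone applying `wazuh-eks/` directly and getting a rejected object. The file also lacks a trailing newline.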
diff --git a/wazuh-eks/base/wazuh-ns.yaml b/wazuh-eks/base/wazuh-ns.yaml
new file mode 100644
index 00000000..0063ab85
--- /dev/null
+++ b/wazuh-eks/base/wazuh-ns.yaml
@@ -0,0 +1,13 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh namespace
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: wazuh
diff --git a/wazuh-eks/certs/dashboard_http/generate_certs.sh b/wazuh-eks/certs/dashboard_http/generate_certs.sh
new file mode 100755
index 00000000..6e847249
--- /dev/null
+++ b/wazuh-eks/certs/dashboard_http/generate_certs.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR
+
+openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
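Review bot: `cd $DIR` is unquoted and unchecked, so if the path contains spaces or the `cd` fails, `key.pem` is written wherever the script was invoked from, possibly outside the paths `.gitignore` covers. Use `cd "$DIR" || exit 1`, and add `umask 077` before the `openssl` call, since `-nodes` writes the private key unencrypted with the caller's default permissions. `wazuh-eks/certs/indexer_cluster/generate_certs.sh` has the same `cd $DIR` line and the same missing umask. With `-batch` and no `-subj` or `-addext`, the certificate presumably carries only OpenSSL's default subject and no subjectAltName, so clients cannot validate the dashboard by hostname.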
diff --git a/wazuh-eks/certs/indexer_cluster/generate_certs.sh b/wazuh-eks/certs/indexer_cluster/generate_certs.sh
new file mode 100755
index 00000000..cef0e2c4
--- /dev/null
+++ b/wazuh-eks/certs/indexer_cluster/generate_certs.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR
+
+echo "Root CA"
+
+openssl genrsa -out root-ca-key.pem 2048
+
+openssl req -days 3650 -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem -subj "/C=US/L=California/O=Company/CN=root-ca"
+
+echo "Admin cert"
+
+echo "create: admin-key-temp.pem"
+
+openssl genrsa -out admin-key-temp.pem 2048
+
+echo "create: admin-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem
+
+echo "create: admin.csr"
+
+openssl req -days 3650 -new -key admin-key.pem -out admin.csr -subj "/C=US/L=California/O=Company/CN=admin"
+
+echo "create: admin.pem"
+
+openssl x509 -req -days 3650 -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem
+
+
+echo "* Node cert"
+
+echo "create: node-key-temp.pem"
+
+openssl genrsa -out node-key-temp.pem 2048
+
+echo "create: node-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node-key.pem
+
+echo "create: node.csr"
+
+openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=wazuh-internal-lb"
+
+echo "create: node.pem"
+
+openssl x509 -req -days 3650 -in node.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node.pem
+
+echo "* dashboard cert"
+
+echo "create: dashboard-key-temp.pem"
+
+openssl genrsa -out dashboard-key-temp.pem 2048
+
+echo "create: dashboard-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in dashboard-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out dashboard-key.pem
+
+echo "create: dashboard.csr"
+
+openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb"
+
+echo "create: dashboard.pem"
+
+openssl x509 -req -days 3650 -in dashboard.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out dashboard.pem
+
+
+
+echo "* Filebeat cert"
+
+echo "create: filebeat-key-temp.pem"
+
+openssl genrsa -out filebeat-key-temp.pem 2048
+
+echo "create: filebeat-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in filebeat-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out filebeat-key.pem
+
+echo "create: filebeat.csr"
+
+openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb"
+
+echo "create: filebeat.pem"
+
+openssl x509 -req -days 3650 -in filebeat.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out filebeat.pem
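Review bot: The four `*-key-temp.pem` files are never removed, so every run leaves a second unencrypted copy of each private key next to the PKCS#8 one, alongside `root-ca-key.pem`. Add `rm -f admin-key-temp.pem node-key-temp.pem dashboard-key-temp.pem filebeat-key-temp.pem` at the end, and move `root-ca-key.pem` out of the working tree once signing is done. There is also no `set -e`, so a failed step still lets later steps run against stale files from a previous run. Two flags do nothing as written: `-v1 PBE-SHA1-3DES` has no effect together with `-nocrypt`, and `-days 3650` is ignored by `openssl req -new` without `-x509`.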
diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
new file mode 100644
index 00000000..7a3b4b38
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
@@ -0,0 +1,102 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Dashboard Deployment
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wazuh-dashboard
+ namespace: wazuh
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: wazuh-dashboard
+ lbtype: external
+ template:
+ metadata:
+ labels:
+ app: wazuh-dashboard
+ lbtype: external
+ name: wazuh-dashboard
+ spec:
+ volumes:
+ - name: config
+ configMap:
+ name: dashboard-conf
+ - name: dashboard-certs
+ secret:
+ secretName: dashboard-certs
+ containers:
+ - name: wazuh-dashboard
+ image: 'wazuh/wazuh-dashboard:4.9.0'
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ volumeMounts:
+ - name: config
+ mountPath: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+ subPath: opensearch_dashboards.yml
+ readOnly: false
+ - name: dashboard-certs
+ mountPath: /usr/share/wazuh-dashboard/certs/cert.pem
+ readOnly: true
+ subPath: cert.pem
+ - name: dashboard-certs
+ mountPath: /usr/share/wazuh-dashboard/certs/key.pem
+ readOnly: true
+ subPath: key.pem
+ - name: dashboard-certs
+ mountPath: /usr/share/wazuh-dashboard/certs/root-ca.pem
+ subPath: root-ca.pem
+ readOnly: true
+ ports:
+ - containerPort: 5601
+ name: dashboard-port
+ env:
+ - name: INDEXER_URL
+ value: 'https://wazuh-internal-lb:9200'
+ - name: INDEXER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: username
+ - name: INDEXER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: password
+ - name: DASHBOARD_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: dashboard-cred
+ key: username
+ - name: DASHBOARD_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: dashboard-cred
+ key: password
+ - name: SERVER_SSL_ENABLED
+ value: "true"
+ - name: SERVER_SSL_CERTIFICATE
+ value: /usr/share/wazuh-dashboard/certs/cert.pem
+ - name: SERVER_SSL_KEY
+ value: /usr/share/wazuh-dashboard/certs/key.pem
+ - name: WAZUH_API_URL
+ value: https://wazuh-external-lb
+ - name: API_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-api-cred
+ key: username
+ - name: API_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-api-cred
+ key: password
diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml
new file mode 100644
index 00000000..1697e51c
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml
@@ -0,0 +1,13 @@
+
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh-internal-lb:9200
+opensearch.ssl.verificationMode: none
+opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wz-home
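Review bot: `opensearch.ssl.verificationMode: none` turns off certificate validation for the dashboard's connection to the indexer, even though `opensearch.ssl.certificateAuthorities` already points at the mounted `root-ca.pem`. With validation off, the indexer credentials the dashboard sends go to whatever endpoint answers on `wazuh-internal-lb:9200`. Suggest `opensearch.ssl.verificationMode: certificate` to validate the chain against that CA, or `full` once the node certificate carries a subjectAltName matching the service name.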
diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/lb-external.yaml b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-external.yaml
new file mode 100644
index 00000000..8d6faf35
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-external.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wazuh-external-lb
+ namespace: wazuh
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: external
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+ service.beta.kubernetes.io/aws-load-balancer-name: wazuh-external-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - name: manager-worker-agents-events
+ port: 1514
+ targetPort: agents-events
+ - name: manager-cluster
+ port: 1516
+ targetPort: cluster-port
+ - name: manager-master-registration
+ port: 1515
+ targetPort: registration
+ - name: manager-master-api
+ port: 55000
+ targetPort: api-port
+ - name: dashboard
+ port: 443
+ targetPort: dashboard-port
+ selector:
+ lbtype: external
\ No newline at end of file
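Review bot: This `internet-facing` NLB publishes the manager API (55000) and the manager cluster port (1516) alongside agent traffic, with no `loadBalancerSourceRanges`. Port 1516 is manager-to-manager traffic already served by the headless `wazuh-cluster` Service and needs no public listener, while the API is protected only by the credentials committed under `wazuh-eks/secrets/`. Suggest removing the `manager-cluster` port, moving `manager-master-api` behind the internal load balancer (the dashboard's `WAZUH_API_URL` would need to follow), and adding `spec.loadBalancerSourceRanges` for what remains. The selector `lbtype: external` alone matches dashboard, master and worker pods, so each port relies on named `targetPort` resolution to reach the right pods; a comment saying so would help.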
diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/lb-internal.yaml b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-internal.yaml
new file mode 100644
index 00000000..e357ced0
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-internal.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wazuh-internal-lb
+ namespace: wazuh
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: internal
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internal
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+ service.beta.kubernetes.io/aws-load-balancer-name: wazuh-internal-lb
+spec:
+ type: LoadBalancer
+ ports:
+ - name: indexer-rest
+ port: 9200
+ targetPort: indexer-rest
+ - name: indexer-nodes
+ port: 9300
+ targetPort: indexer-nodes
+ selector:
+ lbtype: internal
+ app: wazuh-indexer
\ No newline at end of file
diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
new file mode 100644
index 00000000..aa4f358c
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
@@ -0,0 +1,142 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Indexer StatefulSet: 3 master nodes.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-indexer
+ namespace: wazuh
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: wazuh-indexer
+ lbtype: internal
+ serviceName: wazuh-indexer
+ template:
+ metadata:
+ labels:
+ app: wazuh-indexer
+ lbtype: internal
+ name: wazuh-indexer
+ spec:
+ # Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it
+ volumes:
+ - name: indexer-certs
+ secret:
+ secretName: indexer-certs
+ - name: indexer-conf
+ configMap:
+ name: indexer-conf
+ initContainers:
+ - name: volume-mount-hack
+ image: busybox
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ command:
+ - sh
+ - '-c'
+ - 'chown -R 1000:1000 /var/lib/wazuh-indexer'
+ volumeMounts:
+ - name: wazuh-indexer
+ mountPath: /var/lib/wazuh-indexer
+ - name: increase-the-vm-max-map-count
+ image: busybox
+ command:
+ - sysctl
+ - -w
+ - vm.max_map_count=262144
+ securityContext:
+ privileged: true
+ containers:
+ - name: wazuh-indexer
+ image: 'wazuh/wazuh-indexer:4.9.0'
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1564Mi
+ env:
+ - name: OPENSEARCH_JAVA_OPTS
+ value: '-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true'
+ - name: CLUSTER_NAME
+ value: wazuh
+ - name: NETWORK_HOST
+ value: "0.0.0.0"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: DISCOVERY_SERVICE
+ value: wazuh-internal-lb
+ - name: KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: DISABLE_INSTALL_DEMO_CONFIG
+ value: 'true'
+ - name: INDEXER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: password
+ securityContext:
+ capabilities:
+ add: ["SYS_CHROOT"]
+ volumeMounts:
+ - name: wazuh-indexer
+ mountPath: /var/lib/wazuh-indexer
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/node-key.pem
+ subPath: node-key.pem
+ readOnly: true
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/node.pem
+ subPath: node.pem
+ readOnly: true
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem
+ subPath: root-ca.pem
+ readOnly: true
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/admin.pem
+ subPath: admin.pem
+ readOnly: true
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem
+ subPath: admin-key.pem
+ readOnly: true
+ - name: indexer-conf
+ mountPath: /usr/share/wazuh-indexer/opensearch.yml
+ subPath: opensearch.yml
+ readOnly: true
+ - name: indexer-conf
+ mountPath: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ subPath: internal_users.yml
+ readOnly: true
+ ports:
+ - containerPort: 9200
+ name: indexer-rest
+ - containerPort: 9300
+ name: indexer-nodes
+ volumeClaimTemplates:
+ - metadata:
+ name: wazuh-indexer
+ namespace: indexer-cluster
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: wazuh-storage
+ resources:
+ requests:
+ storage: 500Mi
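Review bot: Both init containers use `image: busybox` with no tag, and `increase-the-vm-max-map-count` runs it with `privileged: true`, so whatever the untagged image resolves to at pull time runs with full host privileges on every node that schedules an indexer pod. Pin the image to a specific tag or digest (placeholder: `busybox:<pinned-tag>@sha256:<digest>`), and consider setting `vm.max_map_count` through node configuration so that no privileged container is needed. That init container also has no `resources` block, unlike `volume-mount-hack`. The comment about volume permissions sits above `volumes:` but describes the `volume-mount-hack` init container and should move there.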
diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml b/wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml
new file mode 100644
index 00000000..d9d0f191
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Indexer service: Communications
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: wazuh-indexer
+ namespace: wazuh
+ labels:
+ app: wazuh-indexer
+spec:
+ selector:
+ app: wazuh-indexer
+ ports:
+ - name: indexer-nodes
+ port: 9300
+ targetPort: 9300
+ clusterIP: None
diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml
new file mode 100644
index 00000000..d9f05b34
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
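Review bot: Every entry here is labelled a demo user and ships with a bcrypt hash committed to the repository; these look like the stock demo hashes, whose passwords are publicly documented (TODO confirm). Because `opensearch.yml` in this commit sets `plugins.security.allow_default_init_securityindex: true`, this file is presumably what initialises the security index on first start. Suggest removing the accounts the stack does not use (`kibanaro`, `logstash`, `readall` and `snapshotrestore` appear unreferenced in this change) and adding a header comment such as `# Replace every hash below before deploying; generate with plugin/tools/hash.sh`.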
diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
new file mode 100644
index 00000000..c3027854
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
@@ -0,0 +1,31 @@
+cluster.name: ${CLUSTER_NAME}
+node.name: ${NODE_NAME}
+network.host: ${NETWORK_HOST}
+discovery.seed_hosts: wazuh-indexer-0.wazuh-indexer
+cluster.initial_master_nodes:
+ - wazuh-indexer-0
+
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+ - CN=admin,O=Company,L=California,C=US
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+ - CN=wazuh-internal-lb,O=Company,L=California,C=US
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true
\ No newline at end of file
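Review bot: `plugins.security.ssl.transport.enforce_hostname_verification: false` means any certificate signed by `root-ca.pem` whose DN matches `nodes_dn` is accepted as a cluster node, regardless of which host presents it. That follows from all replicas sharing one `node.pem` with `CN=wazuh-internal-lb`, but it turns that one key into the only thing gating transport-layer membership. Suggest per-node certificates with subjectAltName entries so verification can be turned on, or at least a comment such as `# Disabled because all nodes share one certificate; protect node-key.pem accordingly`. Separately, `discovery.seed_hosts` lists only `wazuh-indexer-0` although the StatefulSet runs three replicas.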
diff --git a/wazuh-eks/kustomization.yml b/wazuh-eks/kustomization.yml
new file mode 100644
index 00000000..01f97627
--- /dev/null
+++ b/wazuh-eks/kustomization.yml
@@ -0,0 +1,64 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# Adds wazuh namespace to all resources.
+namespace: wazuh
+
+secretGenerator:
+ - name: indexer-certs
+ files:
+ - certs/indexer_cluster/root-ca.pem
+ - certs/indexer_cluster/node.pem
+ - certs/indexer_cluster/node-key.pem
+ - certs/indexer_cluster/dashboard.pem
+ - certs/indexer_cluster/dashboard-key.pem
+ - certs/indexer_cluster/admin.pem
+ - certs/indexer_cluster/admin-key.pem
+ - certs/indexer_cluster/filebeat.pem
+ - certs/indexer_cluster/filebeat-key.pem
+ - name: dashboard-certs
+ files:
+ - certs/dashboard_http/cert.pem
+ - certs/dashboard_http/key.pem
+ - certs/indexer_cluster/root-ca.pem
+
+configMapGenerator:
+ - name: indexer-conf
+ files:
+ - indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
+ - indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml
+ - name: wazuh-conf
+ files:
+ - wazuh_managers/wazuh_conf/master.conf
+ - wazuh_managers/wazuh_conf/worker.conf
+ - name: dashboard-conf
+ files:
+ - indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml
+
+resources:
+ - base/wazuh-ns.yaml
+ - base/storage-class.yaml
+
+ - secrets/wazuh-api-cred-secret.yaml
+ - secrets/wazuh-authd-pass-secret.yaml
+ - secrets/wazuh-cluster-key-secret.yaml
+ - secrets/dashboard-cred-secret.yaml
+ - secrets/indexer-cred-secret.yaml
+
+ - wazuh_managers/wazuh-master-sts.yaml
+ - wazuh_managers/wazuh-worker-sts.yaml
+ - wazuh_managers/wazuh-cluster-svc.yaml
+
+ - indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
+ - indexer_stack/wazuh-indexer/indexer-svc.yaml
+
+ - indexer_stack/wazuh-dashboard/lb-external.yaml
+ - indexer_stack/wazuh-dashboard/lb-internal.yaml
+ - indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
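Review bot: The `indexer-certs` Secret bundles `admin-key.pem`, `node-key.pem`, `dashboard-key.pem` and `filebeat-key.pem` into one object, and the manager StatefulSets reference that same Secret for their `filebeat-certs` volume. Anything that needs the Filebeat client key must therefore be granted a Secret that also holds the indexer admin key. Suggest a separate generator entry, e.g. `- name: filebeat-certs` listing only `root-ca.pem`, `filebeat.pem` and `filebeat-key.pem`, and pointing the managers' `secretName` at it. `dashboard.pem` and `dashboard-key.pem` appear unused in this change, since `dashboard-certs` is built from `certs/dashboard_http/`.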
diff --git a/wazuh-eks/secrets/dashboard-cred-secret.yaml b/wazuh-eks/secrets/dashboard-cred-secret.yaml
new file mode 100644
index 00000000..078f8776
--- /dev/null
+++ b/wazuh-eks/secrets/dashboard-cred-secret.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2022 Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh dashboard API credentials secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dashboard-cred
+data:
+ username: a2liYW5hc2VydmVy # string "kibanaserver" base64 encoded
+ password: a2liYW5hc2VydmVy # string "kibanaserver" base64 encoded
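Review bot: `data` holds a fixed credential whose plaintext is spelled out in the trailing comments, and base64 is encoding, not protection. `indexer-cred-secret.yaml`, `wazuh-api-cred-secret.yaml`, `wazuh-authd-pass-secret.yaml` and `wazuh-cluster-key-secret.yaml` do the same. Since `lb-external.yaml` publishes the API and registration ports on an internet-facing load balancer, a deployment that keeps these defaults is exposed with publicly known credentials. Suggest shipping these as templates with placeholder values, or a `secretGenerator` fed from an untracked env file, plus a header comment such as `# Placeholder only: replace before applying`. This file and `indexer-cred-secret.yaml` also omit `namespace: wazuh`, unlike the other three.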
diff --git a/wazuh-eks/secrets/indexer-cred-secret.yaml b/wazuh-eks/secrets/indexer-cred-secret.yaml
new file mode 100644
index 00000000..3f159c5a
--- /dev/null
+++ b/wazuh-eks/secrets/indexer-cred-secret.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh API credentials secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: indexer-cred
+data:
+ username: YWRtaW4= # string "admin" base64 encoded
+ password: U2VjcmV0UGFzc3dvcmQ= # string "SecretPassword" base64 encoded
diff --git a/wazuh-eks/secrets/wazuh-api-cred-secret.yaml b/wazuh-eks/secrets/wazuh-api-cred-secret.yaml
new file mode 100644
index 00000000..b6628f95
--- /dev/null
+++ b/wazuh-eks/secrets/wazuh-api-cred-secret.yaml
@@ -0,0 +1,17 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh API credentials secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wazuh-api-cred
+ namespace: wazuh
+data:
+ username: d2F6dWgtd3Vp # string "wazuh-wui" base64 encoded
+ password: TXlTM2NyMzdQNDUwci4qLQ== # string "MyS3cr37P450r.*-" base64 encoded
diff --git a/wazuh-eks/secrets/wazuh-authd-pass-secret.yaml b/wazuh-eks/secrets/wazuh-authd-pass-secret.yaml
new file mode 100644
index 00000000..03b4b6b8
--- /dev/null
+++ b/wazuh-eks/secrets/wazuh-authd-pass-secret.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh authd password secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wazuh-authd-pass
+ namespace: wazuh
+data:
+ authd.pass: cGFzc3dvcmQ= # string "password" base64 encoded
diff --git a/wazuh-eks/secrets/wazuh-cluster-key-secret.yaml b/wazuh-eks/secrets/wazuh-cluster-key-secret.yaml
new file mode 100644
index 00000000..cbe50253
--- /dev/null
+++ b/wazuh-eks/secrets/wazuh-cluster-key-secret.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh cluster key secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wazuh-cluster-key
+ namespace: wazuh
+data:
+ key: MTIzYTQ1YmM2N2RlZjg5MWdoMjNpNDVqazY3bDhtbjk= # string "123a45bc67def891gh23i45jk67l8mn9" base64 encoded
diff --git a/wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml b/wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml
new file mode 100644
index 00000000..ce3c7c8e
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh cluster Service: Manager nodes communication
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: wazuh-cluster
+ namespace: wazuh
+ labels:
+ app: wazuh-manager
+spec:
+ selector:
+ app: wazuh-manager
+ ports:
+ - name: cluster
+ port: 1516
+ targetPort: 1516
+ clusterIP: None
diff --git a/wazuh-eks/wazuh_managers/wazuh-master-sts.yaml b/wazuh-eks/wazuh_managers/wazuh-master-sts.yaml
new file mode 100644
index 00000000..52a51daa
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh-master-sts.yaml
@@ -0,0 +1,161 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh master StatefulSet
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-manager-master
+ namespace: wazuh
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: wazuh-manager
+ node-type: master
+ lbtype: external
+ serviceName: wazuh-cluster
+ podManagementPolicy: Parallel
+ template:
+ metadata:
+ labels:
+ app: wazuh-manager
+ node-type: master
+ lbtype: external
+ name: wazuh-manager-master
+ spec:
+ volumes:
+ - name: config
+ configMap:
+ name: wazuh-conf
+ - name: filebeat-certs
+ secret:
+ secretName: indexer-certs
+ - name: wazuh-authd-pass
+ secret:
+ secretName: wazuh-authd-pass
+ securityContext:
+ fsGroup: 101
+ containers:
+ - name: wazuh-manager
+ image: 'wazuh/wazuh-manager:4.9.0'
+ resources:
+ limits:
+ cpu: 400m
+ memory: 512Mi
+ securityContext:
+ capabilities:
+ add: ["SYS_CHROOT"]
+ volumeMounts:
+ - name: config
+ mountPath: /wazuh-config-mount/etc/ossec.conf
+ subPath: master.conf
+ readOnly: true
+ - name: filebeat-certs
+ mountPath: /etc/ssl/root-ca.pem
+ readOnly: true
+ subPath: root-ca.pem
+ - name: filebeat-certs
+ mountPath: /etc/ssl/filebeat.pem
+ subPath: filebeat.pem
+ readOnly: true
+ - name: filebeat-certs
+ mountPath: /etc/ssl/filebeat.key
+ subPath: filebeat-key.pem
+ readOnly: true
+ - name: wazuh-authd-pass
+ mountPath: /wazuh-config-mount/etc/authd.pass
+ subPath: authd.pass
+ readOnly: true
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/api/configuration
+ subPath: wazuh/var/ossec/api/configuration
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/etc
+ subPath: wazuh/var/ossec/etc
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/logs
+ subPath: wazuh/var/ossec/logs
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/queue
+ subPath: wazuh/var/ossec/queue
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/var/multigroups
+ subPath: wazuh/var/ossec/var/multigroups
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/integrations
+ subPath: wazuh/var/ossec/integrations
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/active-response/bin
+ subPath: wazuh/var/ossec/active-response/bin
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/agentless
+ subPath: wazuh/var/ossec/agentless
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/wodles
+ subPath: wazuh/var/ossec/wodles
+ - name: wazuh-manager-master
+ mountPath: /etc/filebeat
+ subPath: filebeat/etc/filebeat
+ - name: wazuh-manager-master
+ mountPath: /var/lib/filebeat
+ subPath: filebeat/var/lib/filebeat
+ ports:
+ - containerPort: 1515
+ name: registration
+ - containerPort: 1516
+ name: cluster-port
+ - containerPort: 55000
+ name: api-port
+ env:
+ - name: INDEXER_URL
+ value: 'https://wazuh-internal-lb:9200'
+ - name: INDEXER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: username
+ - name: INDEXER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: password
+ - name: FILEBEAT_SSL_VERIFICATION_MODE
+ value: 'full'
+ - name: SSL_CERTIFICATE_AUTHORITIES
+ value: /etc/ssl/root-ca.pem
+ - name: SSL_CERTIFICATE
+ value: /etc/ssl/filebeat.pem
+ - name: SSL_KEY
+ value: /etc/ssl/filebeat.key
+ - name: API_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-api-cred
+ key: username
+ - name: API_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-api-cred
+ key: password
+ - name: WAZUH_CLUSTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-cluster-key
+ key: key
+ volumeClaimTemplates:
+ - metadata:
+ name: wazuh-manager-master
+ namespace: wazuh
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: wazuh-storage
+ resources:
+ requests:
+ storage: 500Mi
diff --git a/wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml b/wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml
new file mode 100644
index 00000000..55e2aa18
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml
@@ -0,0 +1,148 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh workers StatefulSet
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-manager-worker
+ namespace: wazuh
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: wazuh-manager
+ node-type: worker
+ lbtype: external
+ serviceName: wazuh-cluster
+ podManagementPolicy: Parallel
+ template:
+ metadata:
+ labels:
+ app: wazuh-manager
+ node-type: worker
+ lbtype: external
+ name: wazuh-manager-worker
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ volumes:
+ - name: config
+ configMap:
+ name: wazuh-conf
+ - name: filebeat-certs
+ secret:
+ secretName: indexer-certs
+ securityContext:
+ fsGroup: 101
+ containers:
+ - name: wazuh-manager
+ image: 'wazuh/wazuh-manager:4.9.0'
+ resources:
+ limits:
+ cpu: 400m
+ memory: 512Mi
+ securityContext:
+ capabilities:
+ add: ["SYS_CHROOT"]
+ volumeMounts:
+ - name: config
+ mountPath: /wazuh-config-mount/etc/ossec.conf
+ subPath: worker.conf
+ readOnly: true
+ - name: filebeat-certs
+ mountPath: /etc/ssl/root-ca.pem
+ readOnly: true
+ subPath: root-ca.pem
+ - name: filebeat-certs
+ mountPath: /etc/ssl/filebeat.pem
+ subPath: filebeat.pem
+ readOnly: true
+ - name: filebeat-certs
+ mountPath: /etc/ssl/filebeat.key
+ subPath: filebeat-key.pem
+ readOnly: true
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/api/configuration
+ subPath: wazuh/var/ossec/api/configuration
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/etc
+ subPath: wazuh/var/ossec/etc
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/logs
+ subPath: wazuh/var/ossec/logs
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/queue
+ subPath: wazuh/var/ossec/queue
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/var/multigroups
+ subPath: wazuh/var/ossec/var/multigroups
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/integrations
+ subPath: wazuh/var/ossec/integrations
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/active-response/bin
+ subPath: wazuh/var/ossec/active-response/bin
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/agentless
+ subPath: wazuh/var/ossec/agentless
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/wodles
+ subPath: wazuh/var/ossec/wodles
+ - name: wazuh-manager-worker
+ mountPath: /etc/filebeat
+ subPath: filebeat/etc/filebeat
+ - name: wazuh-manager-worker
+ mountPath: /var/lib/filebeat
+ subPath: filebeat/var/lib/filebeat
+ ports:
+ - containerPort: 1514
+ name: agents-events
+ - containerPort: 1516
+ name: cluster-port
+ env:
+ - name: INDEXER_URL
+ value: 'https://wazuh-internal-lb:9200'
+ - name: INDEXER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: username
+ - name: INDEXER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: password
+ - name: FILEBEAT_SSL_VERIFICATION_MODE
+ value: 'full'
+ - name: SSL_CERTIFICATE_AUTHORITIES
+ value: /etc/ssl/root-ca.pem
+ - name: SSL_CERTIFICATE
+ value: /etc/ssl/filebeat.pem
+ - name: SSL_KEY
+ value: /etc/ssl/filebeat.key
+ - name: WAZUH_CLUSTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-cluster-key
+ key: key
+ volumeClaimTemplates:
+ - metadata:
+ name: wazuh-manager-worker
+ namespace: wazuh
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: wazuh-storage
+ resources:
+ requests:
+ storage: 500Mi
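Review bot: The `podAntiAffinity` term in the pod template sets only `topologyKey: kubernetes.io/hostname` and has no `labelSelector`; a pod affinity term with a null selector matches no pods, so the preference has no effect and both `replicas: 2` workers can be scheduled onto the same node. These are the pods that receive agent events on port 1514, so a single node failure could then stop event ingestion until they are rescheduled. Add a selector under `podAffinityTerm`, for example `labelSelector: {matchLabels: {app: wazuh-manager, node-type: worker}}`, so the scheduler actually spreads the workers.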
diff --git a/wazuh-eks/wazuh_managers/wazuh_conf/master.conf b/wazuh-eks/wazuh_managers/wazuh_conf/master.conf
new file mode 100644
index 00000000..f2c4a583
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh_conf/master.conf
@@ -0,0 +1,344 @@
+
+
+
+ yes
+ yes
+ no
+ no
+ no
+ smtp.example.wazuh.com
+ ossecm@example.wazuh.com
+ recipient@example.wazuh.com
+ 12
+ alerts.log
+ 131072
+ 20s
+ 100s
+
+
+
+ 3
+ 12
+
+
+
+
+ plain
+
+
+
+ secure
+ 1514
+ tcp
+ 131072
+
+
+
+
+ no
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+ 43200
+
+ /var/ossec/etc/rootcheck/rootkit_files.txt
+ /var/ossec/etc/rootcheck/rootkit_trojans.txt
+
+ /var/ossec/etc/rootcheck/system_audit_rcl.txt
+ /var/ossec/etc/rootcheck/system_audit_ssh.txt
+
+ yes
+
+
+
+ yes
+ 1800
+ 1d
+ yes
+
+
+
+ yes
+ 1800
+ 1d
+ yes
+
+ wodles/java
+ wodles/ciscat
+
+
+
+
+ yes
+ yes
+ /var/log/osquery/osqueryd.results.log
+ /etc/osquery/osquery.conf
+ yes
+
+
+
+
+ no
+ 1h
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+
+ yes
+ yes
+ 60m
+
+
+
+ yes
+
+ https://wazuh-internal-lb:9200
+
+ admin
+ VDPass
+
+
+ /etc/ssl/root-ca.pem
+
+ /etc/ssl/filebeat.pem
+ /etc/ssl/filebeat.key
+
+
+
+
+
+ no
+
+
+ 43200
+
+ yes
+
+
+ yes
+
+
+ no
+
+
+ /etc,/usr/bin,/usr/sbin
+ /bin,/sbin,/boot
+
+
+ /etc/mtab
+ /etc/hosts.deny
+ /etc/mail/statistics
+ /etc/random-seed
+ /etc/random.seed
+ /etc/adjtime
+ /etc/httpd/logs
+ /etc/utmpx
+ /etc/wtmpx
+ /etc/cups/certs
+ /etc/dumpdates
+ /etc/svc/volatile
+ /sys/kernel/security
+ /sys/kernel/debug
+
+
+ /etc/ssl/private.key
+
+ yes
+
+
+ yes
+
+
+ yes
+
+
+
+
+ 127.0.0.1
+ ^localhost.localdomain$
+ 10.66.0.2
+
+
+
+ disable-account
+ disable-account.sh
+ user
+ yes
+
+
+
+ restart-ossec
+ restart-ossec.sh
+
+
+
+
+ firewall-drop
+ firewall-drop
+ yes
+
+
+
+ host-deny
+ host-deny.sh
+ srcip
+ yes
+
+
+
+ route-null
+ route-null.sh
+ srcip
+ yes
+
+
+
+ win_route-null
+ route-null.cmd
+ srcip
+ yes
+
+
+
+ win_route-null-2012
+ route-null-2012.cmd
+ srcip
+ yes
+
+
+
+ netsh
+ netsh.cmd
+ srcip
+ yes
+
+
+
+ netsh-win-2016
+ netsh-win-2016.cmd
+ srcip
+ yes
+
+
+
+
+
+
+ command
+ df -P
+ 360
+
+
+
+ full_command
+ netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+ netstat listening ports
+ 360
+
+
+
+ full_command
+ last -n 20
+ 360
+
+
+
+
+ ruleset/decoders
+ ruleset/rules
+ 0215-policy_rules.xml
+ etc/lists/audit-keys
+ etc/lists/amazon/aws-sources
+ etc/lists/amazon/aws-eventnames
+
+
+ etc/decoders
+ etc/rules
+
+
+
+ yes
+ 1
+ 64
+ 15m
+
+
+
+
+ no
+ 1515
+ no
+
+ yes
+ yes
+ 1h
+ 1h
+
+ no
+ yes
+ HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+
+ no
+ /var/ossec/etc/sslmanager.cert
+ /var/ossec/etc/sslmanager.key
+ no
+
+
+
+ wazuh
+ wazuh-manager-master
+ master
+ to_be_replaced_by_cluster_key
+ 1516
+ 0.0.0.0
+
+ wazuh-manager-master-0.wazuh-cluster.wazuh
+
+ no
+ no
+
+
+
+
+
+ syslog
+ /var/ossec/logs/active-responses.log
+
+
+
+ syslog
+ /var/log/syslog
+
+
+
+ syslog
+ /var/log/dpkg.log
+
+
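Review bot: The literal `admin` and `VDPass` values directly after the `https://wazuh-internal-lb:9200` host entry look like an indexer username and password committed in clear text, and the same pair appears at the same position in `worker.conf` in this commit. The XML tags appear to have been lost in this rendering, so the enclosing element is inferred from position only. The worker StatefulSet mounts its conf file from the `wazuh-conf` ConfigMap and already reads `INDEXER_USERNAME` and `INDEXER_PASSWORD` from the `indexer-cred` Secret, so these values duplicate a secret into git and into an object that is not access-controlled as a Secret. Remove both values from the two conf files, provision them at start-up from the Secret (for example with `wazuh-keystore`, if the image in use supports it), and rotate the password if it was ever a real one.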
diff --git a/wazuh-eks/wazuh_managers/wazuh_conf/worker.conf b/wazuh-eks/wazuh_managers/wazuh_conf/worker.conf
new file mode 100644
index 00000000..2d56dff0
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh_conf/worker.conf
@@ -0,0 +1,344 @@
+
+
+
+ yes
+ yes
+ no
+ no
+ no
+ smtp.example.wazuh.com
+ ossecm@example.wazuh.com
+ recipient@example.wazuh.com
+ 12
+ alerts.log
+ 131072
+ 20s
+ 100s
+
+
+
+ 3
+ 12
+
+
+
+
+ plain
+
+
+
+ secure
+ 1514
+ tcp
+ 131072
+
+
+
+
+ no
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+ 43200
+
+ /var/ossec/etc/rootcheck/rootkit_files.txt
+ /var/ossec/etc/rootcheck/rootkit_trojans.txt
+
+ /var/ossec/etc/rootcheck/system_audit_rcl.txt
+ /var/ossec/etc/rootcheck/system_audit_ssh.txt
+
+ yes
+
+
+
+ yes
+ 1800
+ 1d
+ yes
+
+
+
+ yes
+ 1800
+ 1d
+ yes
+
+ wodles/java
+ wodles/ciscat
+
+
+
+
+ yes
+ yes
+ /var/log/osquery/osqueryd.results.log
+ /etc/osquery/osquery.conf
+ yes
+
+
+
+
+ no
+ 1h
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+
+ yes
+ yes
+ 60m
+
+
+
+ yes
+
+ https://wazuh-internal-lb:9200
+
+ admin
+ VDPass
+
+
+ /etc/ssl/root-ca.pem
+
+ /etc/ssl/filebeat.pem
+ /etc/ssl/filebeat.key
+
+
+
+
+
+ no
+
+
+ 43200
+
+ yes
+
+
+ yes
+
+
+ no
+
+
+ /etc,/usr/bin,/usr/sbin
+ /bin,/sbin,/boot
+
+
+ /etc/mtab
+ /etc/hosts.deny
+ /etc/mail/statistics
+ /etc/random-seed
+ /etc/random.seed
+ /etc/adjtime
+ /etc/httpd/logs
+ /etc/utmpx
+ /etc/wtmpx
+ /etc/cups/certs
+ /etc/dumpdates
+ /etc/svc/volatile
+ /sys/kernel/security
+ /sys/kernel/debug
+
+
+ /etc/ssl/private.key
+
+ yes
+
+
+ yes
+
+
+ yes
+
+
+
+
+ 127.0.0.1
+ ^localhost.localdomain$
+ 10.66.0.2
+
+
+
+ disable-account
+ disable-account.sh
+ user
+ yes
+
+
+
+ restart-ossec
+ restart-ossec.sh
+
+
+
+
+ firewall-drop
+ firewall-drop
+ yes
+
+
+
+ host-deny
+ host-deny.sh
+ srcip
+ yes
+
+
+
+ route-null
+ route-null.sh
+ srcip
+ yes
+
+
+
+ win_route-null
+ route-null.cmd
+ srcip
+ yes
+
+
+
+ win_route-null-2012
+ route-null-2012.cmd
+ srcip
+ yes
+
+
+
+ netsh
+ netsh.cmd
+ srcip
+ yes
+
+
+
+ netsh-win-2016
+ netsh-win-2016.cmd
+ srcip
+ yes
+
+
+
+
+
+
+ command
+ df -P
+ 360
+
+
+
+ full_command
+ netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+ netstat listening ports
+ 360
+
+
+
+ full_command
+ last -n 20
+ 360
+
+
+
+
+ ruleset/decoders
+ ruleset/rules
+ 0215-policy_rules.xml
+ etc/lists/audit-keys
+ etc/lists/amazon/aws-sources
+ etc/lists/amazon/aws-eventnames
+
+
+ etc/decoders
+ etc/rules
+
+
+
+ yes
+ 1
+ 64
+ 15m
+
+
+
+
+ no
+ 1515
+ no
+
+ yes
+ yes
+ 1h
+ 1h
+
+ no
+ no
+ HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+
+ no
+ /var/ossec/etc/sslmanager.cert
+ /var/ossec/etc/sslmanager.key
+ no
+
+
+
+ wazuh
+ to_be_replaced_by_hostname
+ worker
+ to_be_replaced_by_cluster_key
+ 1516
+ 0.0.0.0
+
+ wazuh-manager-master-0.wazuh-cluster.wazuh
+
+ no
+ no
+
+
+
+
+
+ syslog
+ /var/ossec/logs/active-responses.log
+
+
+
+ syslog
+ /var/log/syslog
+
+
+
+ syslog
+ /var/log/dpkg.log
+
+