wazuh · vcerenu · Jan 24, 2024 · Jan 25, 2024 · Jan 25, 2024 · Jan 31, 2024
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,12 @@
+wazuh/certs/dashboard_http/*.pem
+wazuh/certs/dashboard_http/*.key
+wazuh/certs/indexer_cluster/*.pem
+wazuh/certs/indexer_cluster/*.key
+wazuh/certs/indexer_cluster/*.csr
+wazuh/certs/indexer_cluster/*.slr
+wazuh-eks/certs/dashboard_http/*.pem
+wazuh-eks/certs/dashboard_http/*.key
+wazuh-eks/certs/indexer_cluster/*.pem
+wazuh-eks/certs/indexer_cluster/*.key
+wazuh-eks/certs/indexer_cluster/*.csr
+wazuh-eks/certs/indexer_cluster/*.slr
diff --git a/envs/eks-nlb/dashboard-resources.yaml b/envs/eks-nlb/dashboard-resources.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wazuh-dashboard
+  namespace: wazuh
+spec:
+  template:
+    spec:
+      containers:
+        - name: wazuh-dashboard
+          resources:
+            requests:
+              cpu: 200m
+              memory: 512Mi
+            limits:
+              cpu: 400m
+              memory: 2Gi
diff --git a/envs/eks-nlb/indexer-resources.yaml b/envs/eks-nlb/indexer-resources.yaml
@@ -0,0 +1,35 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: wazuh-indexer
+  namespace: wazuh
+spec:
+  template:
+    spec:
+      containers:
+        - name: wazuh-indexer
+          resources:
+            requests:
+              cpu: 500m
+              memory: 1Gi
+            limits:
+              cpu: 1
+              memory: 2Gi
+  volumeClaimTemplates:
+    - metadata:
+        name: wazuh-indexer
+        namespace: indexer-cluster
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        storageClassName: wazuh-storage
+        resources:
+          requests:
+            storage: 10Gi
diff --git a/envs/eks-nlb/kustomization.yml b/envs/eks-nlb/kustomization.yml
@@ -0,0 +1,17 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../wazuh-eks
+patches:
+- path: storage-class.yaml
+- path: indexer-resources.yaml
+- path: dashboard-resources.yaml
+- path: wazuh-master-resources.yaml
+- path: wazuh-worker-resources.yaml
diff --git a/envs/eks-nlb/storage-class.yaml b/envs/eks-nlb/storage-class.yaml
@@ -0,0 +1,19 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh StorageClass
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: wazuh-storage
+provisioner: kubernetes.io/aws-ebs
+parameters:
+  encrypted: 'true'
+  type: gp2
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: Retain  # Useful in case you delete the PersistentVolumeClaim
diff --git a/envs/eks-nlb/wazuh-master-resources.yaml b/envs/eks-nlb/wazuh-master-resources.yaml
@@ -0,0 +1,35 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: wazuh-manager-master
+  namespace: wazuh
+spec:
+  template:
+    spec:
+      containers:
+        - name: wazuh-manager
+          resources:
+            requests:
+              cpu: 1
+              memory: 1Gi
+            limits:
+              cpu: 2
+              memory: 2Gi
+  volumeClaimTemplates:
+    - metadata:
+        name: wazuh-manager-master
+        namespace: wazuh
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        storageClassName: wazuh-storage
+        resources:
+          requests:
+            storage: 50Gi
diff --git a/envs/eks-nlb/wazuh-worker-resources.yaml b/envs/eks-nlb/wazuh-worker-resources.yaml
@@ -0,0 +1,35 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: wazuh-manager-worker
+  namespace: wazuh
+spec:
+  template:
+    spec:
+      containers:
+        - name: wazuh-manager
+          resources:
+            requests:
+              cpu: 1
+              memory: 1Gi
+            limits:
+              cpu: 2
+              memory: 2Gi
+  volumeClaimTemplates:
+    - metadata:
+        name: wazuh-manager-worker
+        namespace: wazuh
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        storageClassName: wazuh-storage
+        resources:
+          requests:
+            storage: 50Gi
diff --git a/wazuh-eks/base/storage-class.yaml b/wazuh-eks/base/storage-class.yaml
@@ -0,0 +1,14 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh StorageClass
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: wazuh-storage
+# provisioner: k8s.io/minikube-hostpath
diff --git a/wazuh-eks/base/wazuh-ns.yaml b/wazuh-eks/base/wazuh-ns.yaml
@@ -0,0 +1,13 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh namespace
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: wazuh
diff --git a/wazuh-eks/certs/dashboard_http/generate_certs.sh b/wazuh-eks/certs/dashboard_http/generate_certs.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR
+
+openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
diff --git a/wazuh-eks/certs/indexer_cluster/generate_certs.sh b/wazuh-eks/certs/indexer_cluster/generate_certs.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR
+
+echo "Root CA"
+
+openssl genrsa -out root-ca-key.pem 2048
+
+openssl req -days 3650 -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem -subj "/C=US/L=California/O=Company/CN=root-ca"
+
+echo "Admin cert"
+
+echo "create: admin-key-temp.pem"
+
+openssl genrsa -out admin-key-temp.pem 2048
+
+echo "create: admin-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem
+
+echo "create: admin.csr"
+
+openssl req -days 3650 -new -key admin-key.pem -out admin.csr -subj "/C=US/L=California/O=Company/CN=admin"
+
+echo "create: admin.pem"
+
+openssl x509 -req -days 3650 -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem
+
+
+echo "* Node cert"
+
+echo "create: node-key-temp.pem"
+
+openssl genrsa -out node-key-temp.pem 2048
+
+echo "create: node-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node-key.pem
+
+echo "create: node.csr"
+
+openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=wazuh-internal-lb"
+
+echo "create: node.pem"
+
+openssl x509 -req -days 3650 -in node.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node.pem
+
+echo "* dashboard cert"
+
+echo "create: dashboard-key-temp.pem"
+
+openssl genrsa -out dashboard-key-temp.pem 2048
+
+echo "create: dashboard-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in dashboard-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out dashboard-key.pem
+
+echo "create: dashboard.csr"
+
+openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb"
+
+echo "create: dashboard.pem"
+
+openssl x509 -req -days 3650 -in dashboard.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out dashboard.pem
+
+
+
+echo "* Filebeat cert"
+
+echo "create: filebeat-key-temp.pem"
+
+openssl genrsa -out filebeat-key-temp.pem 2048
+
+echo "create: filebeat-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in filebeat-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out filebeat-key.pem
+
+echo "create: filebeat.csr"
+
+openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb"
+
+echo "create: filebeat.pem"
+
+openssl x509 -req -days 3650 -in filebeat.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out filebeat.pem