From d3edfdcfe2e7945389767db8437349f08b5a5f5d Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 6 Nov 2024 10:20:40 -0300 Subject: [PATCH 01/27] Add new env variable --- .github/workflows/deployment-test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 1a7b5cf3..47c8ae6c 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -14,6 +14,9 @@ permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout +env: + AWS_REGION: us-east-1 + jobs: EKS_deployment_test: runs-on: ubuntu-20.04 @@ -27,7 +30,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: "${{ secrets.AWS_REGION }}" + aws-region: "${{ env.AWS_REGION }}" - name: Install eksctl run: | From dc2a92831a0cad39645e5ed645936beff8ffbdf1 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 6 Nov 2024 11:07:02 -0300 Subject: [PATCH 02/27] test minikube --- .github/workflows/deployment-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 47c8ae6c..8f66b400 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -115,4 +115,4 @@ jobs: run: wazuh/certs/dashboard_http/generate_certs.sh - name: Deploy Wazuh stack - run: minikube kubectl apply -k envs/local/ \ No newline at end of file + run: kubectl apply -k envs/local/ \ No newline at end of file From 6c1140e648743d2522eddf7487d307bfda99f44c Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 6 Nov 2024 13:14:56 -0300 Subject: [PATCH 03/27] add delete eks cluster --- .github/workflows/deployment-test.yml | 48 +++++++++++++++------------ 1 file changed, 27 insertions(+), 21 deletions(-) 
diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 8f66b400..e235a435 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml 
@@ -43,36 +43,36 @@ jobs: - name: Deploy eks cluster run: | - eksctl create cluster && \ + eksctl create cluster \ --name test-eks-deploy-${{ github.event.number }} && \ - --with-oidc && \ - --region us-east-1 && \ - --nodes-min 6 && \ - --nodes-max 6 && \ - --managed && \ - --spot && \ - -t t3a.medium && \ + --with-oidc \ + --region ${{ env.AWS_REGION }} \ + --nodes-min 6 \ + --nodes-max 6 \ + --managed \ + --spot \ + -t t3a.medium \ --tags "issue=https://github.com/wazuh/wazuh-kubernetes/pull/${{ github.event.number }},team=devops,termination_date=2030-01-01 21:00:00" - name: Create sa for ebs-csi-controller run: | - eksctl create iamserviceaccount && \ - --name ebs-csi-controller-sa && \ - --region us-east-1 && \ - --namespace kube-system && \ + eksctl create iamserviceaccount \ + --name ebs-csi-controller-sa \ + --region ${{ env.AWS_REGION }} \ + --namespace kube-system \ --cluster test-eks-deploy-${{ github.event.number }} && \ - --role-name AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} && \ - --role-only && \ - --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy && \ + --role-name AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} \ + --role-only \ + --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ --approve - name: Install addon aws-ebs-csi-driver into a eks cluster deployed run: | - eksctl create addon && \ - --name aws-ebs-csi-driver && \ - --cluster test-eks-deploy-${{ github.event.number }} && \ - --region ${{ secrets.AWS_REGION }} && \ - --service-account-role-arn arn:aws:iam::567970947422:role/AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} && \ + eksctl create addon \ + --name aws-ebs-csi-driver \ + --cluster test-eks-deploy-${{ github.event.number }} \ + --region ${{ env.AWS_REGION }} \ + --service-account-role-arn arn:aws:iam::567970947422:role/AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} 
\ --force - name: Create Wazuh indexer certificates @@ -84,6 +84,12 @@ jobs: - name: Deploy Wazuh stack run: kubectl apply -k envs/eks/ + - name: Delete eks cluster + run: | + eksctl delete cluster \ + --name test-eks-deploy-${{ github.event.number }} \ + --region ${{ env.AWS_REGION }} + Local_deployment_test: runs-on: ubuntu-20.04 steps: @@ -115,4 +121,4 @@ jobs: run: wazuh/certs/dashboard_http/generate_certs.sh - name: Deploy Wazuh stack - run: kubectl apply -k envs/local/ \ No newline at end of file + run: kubectl apply -k envs/local-env/ \ No newline at end of file From 17f2c8e732049d0a1308ca52fd0cf58f2fa26446 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 6 Nov 2024 13:19:42 -0300 Subject: [PATCH 04/27] Fix cluster name --- .github/workflows/deployment-test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index e235a435..72ba0318 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -44,7 +44,7 @@ jobs: - name: Deploy eks cluster run: | eksctl create cluster \ - --name test-eks-deploy-${{ github.event.number }} && \ + --name test-eks-deploy-${{ github.event.number }}-a\ --with-oidc \ --region ${{ env.AWS_REGION }} \ --nodes-min 6 \ @@ -60,7 +60,7 @@ jobs: --name ebs-csi-controller-sa \ --region ${{ env.AWS_REGION }} \ --namespace kube-system \ - --cluster test-eks-deploy-${{ github.event.number }} && \ + --cluster test-eks-deploy-${{ github.event.number }}-a \ --role-name AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} \ --role-only \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ 
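Review bot: Two continuation lines in the `@@ -43,36 +43,36 @@` hunk still end in `&& \`: `--name test-eks-deploy-${{ github.event.number }} && \` under "Deploy eks cluster" and the `--cluster …` line under "Create sa for ebs-csi-controller". The shell ends the `eksctl` command at that `&&`, so the cluster would be created from `--name` alone, without the node limits, `--spot` or `--tags`, and the remaining flags are then run as a separate command, which fails. An untagged cluster with default sizing is harder to attribute and clean up. Both lines should end in a plain ` \` like their neighbours.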
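Review bot: The new "Delete eks cluster" step in the `@@ -84,6 +84,12 @@` hunk has no `if:` condition, so it is skipped whenever an earlier step fails. A failed certificate or deploy step then leaves the six-node cluster and the IAM role created for it running in the account. Adding `if: always()` to the step makes the teardown run on failure and on cancellation as well.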
@@ -70,7 +70,7 @@ jobs: run: | eksctl create addon \ --name aws-ebs-csi-driver \ - --cluster test-eks-deploy-${{ github.event.number }} \ + --cluster test-eks-deploy-${{ github.event.number }}-a \ --region ${{ env.AWS_REGION }} \ --service-account-role-arn arn:aws:iam::567970947422:role/AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} \ --force @@ -87,7 +87,7 @@ jobs: - name: Delete eks cluster run: | eksctl delete cluster \ - --name test-eks-deploy-${{ github.event.number }} \ + --name test-eks-deploy-${{ github.event.number }}-a \ --region ${{ env.AWS_REGION }} Local_deployment_test: From 08f2faf418c9abe2137208a384e7c67b102476c2 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 6 Nov 2024 13:25:43 -0300 Subject: [PATCH 05/27] Add wait and status --- .github/workflows/deployment-test.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 72ba0318..3019d071 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -84,6 +84,12 @@ jobs: - name: Deploy Wazuh stack run: kubectl apply -k envs/eks/ + - name: Wait 5 minutes for Wazuh stack startup + run: sleep 5m + + - name: View stack status + run: kubectl get all -n wazuh -o wide + - name: Delete eks cluster run: | eksctl delete cluster \ @@ -121,4 +127,10 @@ jobs: run: wazuh/certs/dashboard_http/generate_certs.sh - name: Deploy Wazuh stack - run: kubectl apply -k envs/local-env/ \ No newline at end of file + run: kubectl apply -k envs/local-env/ + + - name: Wait 5 minutes for Wazuh stack startup + run: sleep 5m + + - name: View stack status + run: kubectl get all -n wazuh -o wide \ No newline at end of file From 8bbc40f48e5560f84ec30b439ac811450dcb6790 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Wed, 6 Nov 2024 14:22:31 -0300 Subject: [PATCH 06/27] Add wait and status --- .github/workflows/deployment-test.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 3019d071..6a82f798 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -44,7 +44,7 @@ jobs: - name: Deploy eks cluster run: | eksctl create cluster \ - --name test-eks-deploy-${{ github.event.number }}-a\ + --name test-eks-deploy-${{ github.event.number }}-a \ --with-oidc \ --region ${{ env.AWS_REGION }} \ --nodes-min 6 \ @@ -91,6 +91,7 @@ jobs: run: kubectl get all -n wazuh -o wide - name: Delete eks cluster + if: always() run: | eksctl delete cluster \ --name test-eks-deploy-${{ github.event.number }}-a \ @@ -126,6 +127,10 @@ jobs: - name: Create Wazuh dashboard certificates run: wazuh/certs/dashboard_http/generate_certs.sh + - name: Change provisioner for minikube + run: | + sed -i 's/provisioner: microk8s.io\/hostpath/# provisioner: microk8s.io\/hostpath/; s/# provisioner: k8s.io\/minikube-hostpath/provisioner: k8s.io\/minikube-hostpath/' envs/local-env/storage-class.yaml + - name: Deploy Wazuh stack run: kubectl apply -k envs/local-env/ From 7a2469253e334c9de919bb9af2677f88b6a80d78 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Thu, 7 Nov 2024 06:52:06 -0300 Subject: [PATCH 07/27] Change role name --- .github/workflows/deployment-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 6a82f798..a0055521 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml 
@@ -61,7 +61,7 @@ jobs: --region ${{ env.AWS_REGION }} \ --namespace kube-system \ --cluster test-eks-deploy-${{ github.event.number }}-a \ - --role-name AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} \ + --role-name eksctl-EBS-CSI-DriverRole-test-eks-deploy-${{ github.event.number }}-a \ --role-only \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ --approve @@ -72,7 +72,7 @@ jobs: --name aws-ebs-csi-driver \ --cluster test-eks-deploy-${{ github.event.number }}-a \ --region ${{ env.AWS_REGION }} \ - --service-account-role-arn arn:aws:iam::567970947422:role/AmazonEKS_EBS_CSI_DriverRole_test-eks-deploy-${{ github.event.number }} \ + --service-account-role-arn arn:aws:iam::567970947422:role/eksctl-EBS-CSI-DriverRole-test-eks-deploy-${{ github.event.number }}-a \ --force - name: Create Wazuh indexer certificates From e6dee260da5f6817091d26aee6be8d205734cc78 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 8 Nov 2024 10:31:52 -0300 Subject: [PATCH 08/27] Add tests for k8s cluster --- .github/workflows/deployment-test.yml | 199 +++++++++++++++++++++++++- 1 file changed, 198 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index a0055521..3616ede7 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml 
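Review bot: The `--service-account-role-arn` line in the `@@ -72,7 +72,7 @@` hunk keeps the AWS account ID `567970947422` hard-coded, although the role to assume is already supplied through `secrets.AWS_IAM_ROLE` earlier in this workflow. The ARN therefore only works in that one account, and it has to be kept in step by hand with the `--role-name` value changed in the `@@ -61,7 +61,7 @@` hunk. Consider resolving the account at run time, e.g. `ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)`, and building the ARN from `$ACCOUNT_ID` and one shared role-name variable.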
@@ -90,6 +90,109 @@ jobs: - name: View stack status run: kubectl get all -n wazuh -o wide + - name: View Wazuh dashboard logs + run: kubectl logs $(kubectl get pods -n wazuh | grep wazuh-dashboard | awk '{print $1;}') -n wazuh + + - name: View Wazuh indexer 0 logs + run: kubectl logs wazuh-indexer-0 -n wazuh + + - name: View Wazuh indexer 1 logs + run: kubectl logs wazuh-indexer-1 -n wazuh + + - name: View Wazuh indexer 2 logs + run: kubectl logs wazuh-indexer-2 -n wazuh + + - name: View Wazuh manager master logs + run: kubectl logs wazuh-manager-master-0 -n wazuh + + - name: View Wazuh manager worker 0 logs + run: kubectl logs wazuh-manager-worker-0 -n wazuh + + - name: View Wazuh manager worker 1 logs + run: kubectl logs wazuh-manager-worker-1 -n wazuh + + - name: Save URLs for each component + run: | + echo "DASHBOARD_URL=$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" >> $GITHUB_ENV + echo "INDEXER_URL=$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" >> $GITHUB_ENV + echo "MANAGER_URL=$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" >> $GITHUB_ENV + + - name: Check Wazuh indexer start + run: | + status_green="`curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" + if [[ $status_green -eq 1 ]]; then + curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s + else + curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s + exit 1 + fi + status_index="`curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" + status_index_green="`curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`" + if [[ $status_index_green -eq $status_index ]]; then + curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s + else + curl -XGET "{{ 
env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s + exit 1 + fi + + - name: Check Wazuh indexer nodes + run: | + nodes="`curl -XGET "{{ env.INDEXER_URL }}/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" + if [[ $nodes -eq 1 ]]; then + echo "Wazuh indexer nodes: ${nodes}" + else + echo "Wazuh indexer nodes: ${nodes}" + exit 1 + fi + + - name: Check documents into wazuh-alerts index + run: | + sleep 120 + docs="`curl -XGET "{{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" + if [[ $docs -gt 0 ]]; then + echo "wazuh-alerts index documents: ${docs}" + else + echo "wazuh-alerts index documents: ${docs}" + exit 1 + fi + + - name: Check Wazuh templates + run: | + qty_templates="`curl -XGET "{{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" + templates="`curl -XGET "{{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" + if [[ $qty_templates -gt 3 ]]; then + echo "wazuh templates:" + echo "${templates}" + else + echo "wazuh templates:" + echo "${templates}" + exit 1 + fi + + - name: Check Wazuh manager start + run: | + services="`curl -k -s -X GET "{{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" + if [[ $services -gt 9 ]]; then + echo "Wazuh Manager Services: ${services}" + echo "OK" + else + echo "Wazuh indexer nodes: ${nodes}" + curl -k -X GET "{{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items + exit 1 + fi + env: + TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "{{ env.MANAGER_URL }}/security/user/authenticate?raw=true") + + - name: Check Wazuh dashboard service URL + run: | + status=$(curl -XGET --silent {{ env.DASHBOARD_URL }}/app/status -k -u admin:SecretPassword -I -s | grep 
-E "^HTTP" | awk '{print $2}') + if [[ $status -eq 200 ]]; then + echo "Wazuh dashboard status: ${status}" + else + echo "Wazuh dashboard status: ${status}" + exit 1 + fi + - name: Delete eks cluster if: always() run: | 
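Review bot: In "Check Wazuh manager start" the step-level `env:` sets `TOKEN: $(curl …)`, but workflow `env` values are plain strings, so no request is made when the variable is defined; the command text itself becomes the value and is then pasted into the script by `${{env.TOKEN}}`. Obtain the token inside the script instead, `TOKEN=$(curl -s -k -u "$API_USER:$API_PASSWORD" "$MANAGER_URL/security/user/authenticate?raw=true")`, and send `-H "Authorization: Bearer $TOKEN"` (`API_USER` and `API_PASSWORD` are placeholder names). The failure branch of the same step prints `Wazuh indexer nodes: ${nodes}`, a variable that step never sets; it should print `Wazuh Manager Services: ${services}`. The `@@ -138,4 +241,98 @@` hunk repeats both problems in the local job.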
@@ -138,4 +241,98 @@ jobs: run: sleep 5m - name: View stack status - run: kubectl get all -n wazuh -o wide \ No newline at end of file + run: kubectl get all -n wazuh -o wide + + - name: View Wazuh dashboard logs + run: kubectl logs $(kubectl get pods -n wazuh | grep wazuh-dashboard | awk '{print $1;}') -n wazuh + + - name: View Wazuh indexer 0 logs + run: kubectl logs wazuh-indexer-0 -n wazuh + + - name: View Wazuh manager master logs + run: kubectl logs wazuh-manager-master-0 -n wazuh + + - name: View Wazuh manager worker 0 logs + run: kubectl logs wazuh-manager-worker-0 -n wazuh + + - name: Save URLs for each component + run: | + echo "DASHBOARD_URL=$(minikube service dashboard -n wazuh --url | sed 's|^http://|https://|')" >> $GITHUB_ENV + echo "INDEXER_URL=$(minikube service indexer -n wazuh --url | sed 's|^http://|https://|')" >> $GITHUB_ENV + echo "MANAGER_URL=$(minikube service wazuh -n wazuh | grep '^api/55000' | awk '{print $2}' | sed 's|^http://|https://|')" >> $GITHUB_ENV + + - name: Check Wazuh indexer start + run: | + status_green="`curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" + if [[ $status_green -eq 1 ]]; then + curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s + else + curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s + exit 1 + fi + status_index="`curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" + status_index_green="`curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`" + if [[ $status_index_green -eq $status_index ]]; then + curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s + else + curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s + exit 1 + fi + + - name: Check Wazuh indexer nodes + run: | + nodes="`curl -XGET "{{ env.INDEXER_URL }}/_cat/nodes" -u admin:SecretPassword -k -s | grep -E 
"indexer" | wc -l`" + if [[ $nodes -eq 1 ]]; then + echo "Wazuh indexer nodes: ${nodes}" + else + echo "Wazuh indexer nodes: ${nodes}" + exit 1 + fi + + - name: Check documents into wazuh-alerts index + run: | + sleep 120 + docs="`curl -XGET "{{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" + if [[ $docs -gt 0 ]]; then + echo "wazuh-alerts index documents: ${docs}" + else + echo "wazuh-alerts index documents: ${docs}" + exit 1 + fi + + - name: Check Wazuh templates + run: | + qty_templates="`curl -XGET "{{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" + templates="`curl -XGET "{{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" + if [[ $qty_templates -gt 3 ]]; then + echo "wazuh templates:" + echo "${templates}" + else + echo "wazuh templates:" + echo "${templates}" + exit 1 + fi + + - name: Check Wazuh manager start + run: | + services="`curl -k -s -X GET "{{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" + if [[ $services -gt 9 ]]; then + echo "Wazuh Manager Services: ${services}" + echo "OK" + else + echo "Wazuh indexer nodes: ${nodes}" + curl -k -X GET "{{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items + exit 1 + fi + env: + TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "{{ env.MANAGER_URL }}/security/user/authenticate?raw=true") + + - name: Check Wazuh dashboard service URL + run: | + status=$(curl -XGET --silent {{ env.DASHBOARD_URL }}/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}') + if [[ $status -eq 200 ]]; then + echo "Wazuh dashboard status: ${status}" + else + echo "Wazuh dashboard status: ${status}" + exit 1 + fi \ No newline at end of file 
From 1b01a19814d72a3d2fb768089322269eff46ca5b Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 8 Nov 2024 12:56:50 -0300 Subject: [PATCH 09/27] Add protocol and port --- .github/workflows/deployment-test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 3616ede7..be53155f 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -113,9 +113,9 @@ jobs: - name: Save URLs for each component run: | - echo "DASHBOARD_URL=$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" >> $GITHUB_ENV - echo "INDEXER_URL=$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" >> $GITHUB_ENV - echo "MANAGER_URL=$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" >> $GITHUB_ENV + echo 'DASHBOARD_URL=https://"$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"' >> $GITHUB_ENV + echo 'INDEXER_URL=https://"$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')":9200' >> $GITHUB_ENV + echo 'MANAGER_URL=https://"$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')":55000' >> $GITHUB_ENV - name: Check Wazuh indexer start run: | From 09f731950c193a6bfbfb79543df62f1eb0faa57d Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 8 Nov 2024 13:21:27 -0300 Subject: [PATCH 10/27] Add protocol and port --- .github/workflows/deployment-test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index be53155f..fb9d843a 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml 
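Review bot: The three `echo` lines in "Save URLs for each component" now open with a single quote, so `$(kubectl get service …)` is no longer expanded by the shell and the literal command text is written to `$GITHUB_ENV` instead of a hostname. Keep the outer quotes double so that only the jsonpath is single-quoted, e.g. `echo "INDEXER_URL=https://$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):9200" >> "$GITHUB_ENV"`. The next commit, "[PATCH 10/27]", removes the inner double quotes but keeps the single-quoted form, so the same applies to its hunk.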
@@ -113,9 +113,9 @@ jobs: - name: Save URLs for each component run: | - echo 'DASHBOARD_URL=https://"$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"' >> $GITHUB_ENV - echo 'INDEXER_URL=https://"$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')":9200' >> $GITHUB_ENV - echo 'MANAGER_URL=https://"$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')":55000' >> $GITHUB_ENV + echo 'DASHBOARD_URL=https://$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')' >> $GITHUB_ENV + echo 'INDEXER_URL=https://$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):9200' >> $GITHUB_ENV + echo 'MANAGER_URL=https://$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):55000' >> $GITHUB_ENV - name: Check Wazuh indexer start run: | From cf36192aec0b5a97f4f8602e8556b62a5f94deb8 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 8 Nov 2024 14:57:47 -0300 Subject: [PATCH 11/27] Add protocol and port --- .github/workflows/deployment-test.yml | 60 +++++++++++++-------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index fb9d843a..2c88d8dc 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml 
@@ -119,25 +119,25 @@ jobs: - name: Check Wazuh indexer start run: | - status_green="`curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" + status_green="`curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" if [[ $status_green -eq 1 ]]; then - curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s + curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s else - curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s + curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s exit 1 fi - status_index="`curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" - status_index_green="`curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`" + status_index="`curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" + status_index_green="`curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`" if [[ $status_index_green -eq $status_index ]]; then - curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s + curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s else - curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s + curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s exit 1 fi - name: Check Wazuh indexer nodes run: | - nodes="`curl -XGET "{{ env.INDEXER_URL }}/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" + nodes="`curl -XGET "${{ env.INDEXER_URL }}/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" if [[ $nodes -eq 1 ]]; then echo "Wazuh indexer nodes: ${nodes}" else 
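Review bot: Every `curl` in this hunk now splices `${{ env.INDEXER_URL }}` into the script text, which the runner substitutes before bash parses the step, so whatever was written to `$GITHUB_ENV` is interpreted as shell syntax rather than as data. Values exported through `$GITHUB_ENV` are already ordinary environment variables in later steps; reference them as `"$INDEXER_URL/_cluster/health"` (likewise `"$MANAGER_URL"` and `"$DASHBOARD_URL"`) so the value stays a quoted argument. The same substitution is made in the remaining hunks of this commit, for both the EKS and the local job, and the dashboard check uses it unquoted.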
@@ -148,7 +148,7 @@ jobs: - name: Check documents into wazuh-alerts index run: | sleep 120 - docs="`curl -XGET "{{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" + docs="`curl -XGET "${{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" if [[ $docs -gt 0 ]]; then echo "wazuh-alerts index documents: ${docs}" else @@ -158,8 +158,8 @@ jobs: - name: Check Wazuh templates run: | - qty_templates="`curl -XGET "{{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" - templates="`curl -XGET "{{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" + qty_templates="`curl -XGET "${{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" + templates="`curl -XGET "${{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" if [[ $qty_templates -gt 3 ]]; then echo "wazuh templates:" echo "${templates}" 
@@ -171,21 +171,21 @@ jobs: - name: Check Wazuh manager start run: | - services="`curl -k -s -X GET "{{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" + services="`curl -k -s -X GET "${{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" if [[ $services -gt 9 ]]; then echo "Wazuh Manager Services: ${services}" echo "OK" else echo "Wazuh indexer nodes: ${nodes}" - curl -k -X GET "{{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items + curl -k -X GET "${{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items exit 1 fi env: - TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "{{ env.MANAGER_URL }}/security/user/authenticate?raw=true") + TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "${{ env.MANAGER_URL }}/security/user/authenticate?raw=true") - name: Check Wazuh dashboard service URL run: | - status=$(curl -XGET --silent {{ env.DASHBOARD_URL }}/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}') + status=$(curl -XGET --silent ${{ env.DASHBOARD_URL }}/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}') if [[ $status -eq 200 ]]; then echo "Wazuh dashboard status: ${status}" else 
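Review bot: The lines rewritten in this hunk still carry the API and dashboard credentials as literals (`-u wazuh-wui:MyS3cr37P450r.*-`, `-u admin:SecretPassword`) together with `-k`, and in the EKS job they are sent to load-balancer hostnames. If these are the passwords the test manifests deploy and those load balancers are internet-facing, the cluster accepts publicly known credentials for as long as the job runs. Consider generating per-run passwords or restricting the load balancers' source ranges, and pass the values through step `env:` from repository secrets, e.g. `-u "admin:$INDEXER_PASSWORD"` (placeholder name). The `wazuh-wui` password is also unquoted, which leaves its `*` open to shell globbing. The indexer hunks of this commit and the local-job hunks use the same literals.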
@@ -263,25 +263,25 @@ jobs: - name: Check Wazuh indexer start run: | - status_green="`curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" + status_green="`curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" if [[ $status_green -eq 1 ]]; then - curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s + curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s else - curl -XGET "{{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s + curl -XGET "${{ env.INDEXER_URL }}/_cluster/health" -u admin:SecretPassword -k -s exit 1 fi - status_index="`curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" - status_index_green="`curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`" + status_index="`curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" + status_index_green="`curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`" if [[ $status_index_green -eq $status_index ]]; then - curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s + curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s else - curl -XGET "{{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s + curl -XGET "${{ env.INDEXER_URL }}/_cat/indices" -u admin:SecretPassword -k -s exit 1 fi - name: Check Wazuh indexer nodes run: | - nodes="`curl -XGET "{{ env.INDEXER_URL }}/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" + nodes="`curl -XGET "${{ env.INDEXER_URL }}/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" if [[ $nodes -eq 1 ]]; then echo "Wazuh indexer nodes: ${nodes}" else 
@@ -292,7 +292,7 @@ jobs: - name: Check documents into wazuh-alerts index run: | sleep 120 - docs="`curl -XGET "{{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" + docs="`curl -XGET "${{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" if [[ $docs -gt 0 ]]; then echo "wazuh-alerts index documents: ${docs}" else @@ -302,8 +302,8 @@ jobs: - name: Check Wazuh templates run: | - qty_templates="`curl -XGET "{{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" - templates="`curl -XGET "{{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" + qty_templates="`curl -XGET "${{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" + templates="`curl -XGET "${{ env.INDEXER_URL }}/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" if [[ $qty_templates -gt 3 ]]; then echo "wazuh templates:" echo "${templates}" 
@@ -315,21 +315,21 @@ jobs: - name: Check Wazuh manager start run: | - services="`curl -k -s -X GET "{{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" + services="`curl -k -s -X GET "${{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" if [[ $services -gt 9 ]]; then echo "Wazuh Manager Services: ${services}" echo "OK" else echo "Wazuh indexer nodes: ${nodes}" - curl -k -X GET "{{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items + curl -k -X GET "${{ env.MANAGER_URL }}/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items exit 1 fi env: - TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "{{ env.MANAGER_URL }}/security/user/authenticate?raw=true") + TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "${{ env.MANAGER_URL }}/security/user/authenticate?raw=true") - name: Check Wazuh dashboard service URL run: | - status=$(curl -XGET --silent {{ env.DASHBOARD_URL }}/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}') + status=$(curl -XGET --silent ${{ env.DASHBOARD_URL }}/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}') if [[ $status -eq 200 ]]; then echo "Wazuh dashboard status: ${status}" else From 5da3eff7764e4dae963ca9883f8d5dc843b47d67 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 8 Nov 2024 15:44:35 -0300 Subject: [PATCH 12/27] Change wait time --- .github/workflows/deployment-test.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 2c88d8dc..cd318da8 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml 
@@ -84,8 +84,8 @@ jobs: - name: Deploy Wazuh stack run: kubectl apply -k envs/eks/ - - name: Wait 5 minutes for Wazuh stack startup - run: sleep 5m + - name: Wait 10 minutes for Wazuh stack startup + run: sleep 10m - name: View stack status run: kubectl get all -n wazuh -o wide @@ -147,7 +147,6 @@ jobs: - name: Check documents into wazuh-alerts index run: | - sleep 120 docs="`curl -XGET "${{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" if [[ $docs -gt 0 ]]; then echo "wazuh-alerts index documents: ${docs}" @@ -237,8 +236,8 @@ jobs: - name: Deploy Wazuh stack run: kubectl apply -k envs/local-env/ - - name: Wait 5 minutes for Wazuh stack startup - run: sleep 5m + - name: Wait 10 minutes for Wazuh stack startup + run: sleep 10m - name: View stack status run: kubectl get all -n wazuh -o wide @@ -291,7 +290,6 @@ jobs: - name: Check documents into wazuh-alerts index run: | - sleep 120 docs="`curl -XGET "${{ env.INDEXER_URL }}/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" if [[ $docs -gt 0 ]]; then echo "wazuh-alerts index documents: ${docs}" From eaf85f991d6bd1ef0e518a9daaa8c4005b9f64d7 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Mon, 11 Nov 2024 10:10:21 -0300 Subject: [PATCH 13/27] Change Ubuntu version --- .github/workflows/deployment-test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index cd318da8..1baeef3f 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -19,7 +19,7 @@ env: jobs: EKS_deployment_test: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 steps: - name: Checkout code uses: actions/checkout@v4 
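Review bot: Doubling the fixed `sleep` to ten minutes in the `@@ -84,8 +84,8 @@` hunk, and in the matching local-job hunk, still only guesses at readiness: a fast start wastes billed EKS time and a slow one fails the later checks anyway. Waiting on the workload state gives a bounded wait that ends as soon as the stack is up, for example `kubectl wait --for=condition=Ready pod --all -n wazuh --timeout=600s`. The `sleep 120` this commit removes ahead of the wazuh-alerts count could be replaced by a short retry loop in the same way.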
@@ -138,7 +138,7 @@ jobs: - name: Check Wazuh indexer nodes run: | nodes="`curl -XGET "${{ env.INDEXER_URL }}/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" - if [[ $nodes -eq 1 ]]; then + if [[ $nodes -eq 3 ]]; then echo "Wazuh indexer nodes: ${nodes}" else echo "Wazuh indexer nodes: ${nodes}" @@ -200,7 +200,7 @@ jobs: --region ${{ env.AWS_REGION }} Local_deployment_test: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 steps: - name: Checkout code uses: actions/checkout@v4 From 1d033ced57ada972431d6e3db566055db6ba39ff Mon Sep 17 00:00:00 2001 From: vcerenu Date: Mon, 11 Nov 2024 10:13:43 -0300 Subject: [PATCH 14/27] Delete docker rmi command --- .github/workflows/deployment-test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 1baeef3f..a628bd01 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -212,7 +212,6 @@ jobs: sudo swapoff -a sudo rm -f /swapfile sudo apt clean - docker rmi $(docker image ls -aq) df -h - name: Install Minikube cluster From 9f835fbe0529f87c70af134f3d7e42e70850da42 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Mon, 11 Nov 2024 10:35:52 -0300 Subject: [PATCH 15/27] Add apt update --- .github/workflows/deployment-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index a628bd01..3b0b8f31 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -211,6 +211,7 @@ jobs: run: | sudo swapoff -a sudo rm -f /swapfile + sudo apt update -y && sudo apt upgrade -y sudo apt clean df -h From f96fd04713a8622b29fe778cbba98f1639bfc175 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 13 Nov 2024 11:26:59 -0300 Subject: [PATCH 16/27] Add minikube tunnel command --- .github/workflows/deployment-test.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) 
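Review bot: The added `sudo apt update -y && sudo apt upgrade -y` in the `@@ -211,6 +211,7 @@` hunk upgrades every package on the runner inside a step that a later hunk names `free disk space`, which costs time and disk and makes each run depend on whatever the package archive serves that day. If only fresh package lists are needed, `sudo apt-get update` is enough; if an upgrade is really wanted, `sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade` avoids a stalled prompt. The step's `run:` block begins outside this hunk.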
diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 3b0b8f31..4ef9f24f 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -239,6 +239,11 @@ jobs: - name: Wait 10 minutes for Wazuh stack startup run: sleep 10m + - name: Start minikube tunnel + run: | + minikube tunnel &> /dev/null & + sleep 30 + - name: View stack status run: kubectl get all -n wazuh -o wide @@ -254,11 +259,11 @@ jobs: - name: View Wazuh manager worker 0 logs run: kubectl logs wazuh-manager-worker-0 -n wazuh - - name: Save URLs for each component + - name: Set Wazuh service URLs run: | - echo "DASHBOARD_URL=$(minikube service dashboard -n wazuh --url | sed 's|^http://|https://|')" >> $GITHUB_ENV - echo "INDEXER_URL=$(minikube service indexer -n wazuh --url | sed 's|^http://|https://|')" >> $GITHUB_ENV - echo "MANAGER_URL=$(minikube service wazuh -n wazuh | grep '^api/55000' | awk '{print $2}' | sed 's|^http://|https://|')" >> $GITHUB_ENV + echo "MANAGER_URL=https://$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):$(kubectl get service wazuh -n wazuh -o jsonpath='{.spec.ports[?(@.port==55000)].port}')" >> $GITHUB_ENV + echo "INDEXER_URL=https://$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):$(kubectl get service indexer -n wazuh -o jsonpath='{.spec.ports[?(@.port==9200)].port}')" >> $GITHUB_ENV + echo "DASHBOARD_URL=https://$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):$(kubectl get service dashboard -n wazuh -o jsonpath='{.spec.ports[?(@.port==443)].port}')" >> $GITHUB_ENV - name: Check Wazuh indexer start run: | From da3e2879249644363566e69cd57054c7dc3879f2 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 13 Nov 2024 13:01:53 -0300 Subject: [PATCH 17/27] Modify cluster name --- .github/workflows/deployment-test.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
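Review bot: The URL lines in the `@@ -254,11 +259,11 @@` hunk never check that `.status.loadBalancer.ingress[0].ip` returned anything, so when the tunnel has not assigned an address the step writes `MANAGER_URL=https://:55000` and the later checks fail with an unrelated curl error. Because `minikube tunnel &> /dev/null &` discards the tunnel's output, that failure is also invisible; `minikube tunnel > tunnel.log 2>&1 &` keeps it for the logs. Reading the address into a variable first and guarding it with `[[ -n "$ip" ]] || { echo "no LoadBalancer IP for service wazuh"; exit 1; }` makes the step fail where the problem is. The EKS variant in the later `@@ -112,11 +112,11 @@` hunk builds its URLs from `hostname` in the same unchecked way.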
diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 4ef9f24f..039c5f8e 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -44,7 +44,7 @@ jobs: - name: Deploy eks cluster run: | eksctl create cluster \ - --name test-eks-deploy-${{ github.event.number }}-a \ + --name test-eks-deploy${{ github.event.number }} \ --with-oidc \ --region ${{ env.AWS_REGION }} \ --nodes-min 6 \ @@ -60,8 +60,8 @@ jobs: --name ebs-csi-controller-sa \ --region ${{ env.AWS_REGION }} \ --namespace kube-system \ - --cluster test-eks-deploy-${{ github.event.number }}-a \ - --role-name eksctl-EBS-CSI-DriverRole-test-eks-deploy-${{ github.event.number }}-a \ + --cluster test-eks-deploy${{ github.event.number }} \ + --role-name eksctl-EBS-CSI-DriverRole-test-eks-deploy${{ github.event.number }} \ --role-only \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ --approve @@ -70,9 +70,9 @@ jobs: run: | eksctl create addon \ --name aws-ebs-csi-driver \ - --cluster test-eks-deploy-${{ github.event.number }}-a \ + --cluster test-eks-deploy${{ github.event.number }} \ --region ${{ env.AWS_REGION }} \ - --service-account-role-arn arn:aws:iam::567970947422:role/eksctl-EBS-CSI-DriverRole-test-eks-deploy-${{ github.event.number }}-a \ + --service-account-role-arn arn:aws:iam::567970947422:role/eksctl-EBS-CSI-DriverRole-test-eks-deploy${{ github.event.number }} \ --force - name: Create Wazuh indexer certificates From 336a4dff94766565647ce027153cbab49b17cb57 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 13 Nov 2024 13:43:23 -0300 Subject: [PATCH 18/27] Modify cluster name --- .github/workflows/deployment-test.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 039c5f8e..0110a2ba 100644 --- a/.github/workflows/deployment-test.yml 
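Review bot: The `--service-account-role-arn` line in the `@@ -70,9 +70,9 @@` hunk keeps the AWS account ID written into the workflow, while the role the job assumes is taken from a secret earlier in the file; if that secret ever points at another account, the add-on is handed a role ARN that does not exist there. Deriving the ID at run time keeps the two in step: `ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)` and then `arn:aws:iam::${ACCOUNT_ID}:role/eksctl-EBS-CSI-DriverRole-...` with the existing cluster suffix. The same line is carried unchanged into the `CLUSTER_NAMME` rewrite in the next patch.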
+++ b/.github/workflows/deployment-test.yml @@ -16,6 +16,7 @@ permissions: env: AWS_REGION: us-east-1 + CLUSTER_NAMME: test-eks-deploy${{ github.event.number }} jobs: EKS_deployment_test: @@ -44,7 +45,7 @@ jobs: - name: Deploy eks cluster run: | eksctl create cluster \ - --name test-eks-deploy${{ github.event.number }} \ + --name ${{ env.CLUSTER_NAMME }} \ --with-oidc \ --region ${{ env.AWS_REGION }} \ --nodes-min 6 \ @@ -60,8 +61,8 @@ jobs: --name ebs-csi-controller-sa \ --region ${{ env.AWS_REGION }} \ --namespace kube-system \ - --cluster test-eks-deploy${{ github.event.number }} \ - --role-name eksctl-EBS-CSI-DriverRole-test-eks-deploy${{ github.event.number }} \ + --cluster ${{ env.CLUSTER_NAMME }} \ + --role-name eksctl-EBS-CSI-DriverRole-${{ env.CLUSTER_NAMME }} \ --role-only \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ --approve @@ -70,9 +71,9 @@ jobs: run: | eksctl create addon \ --name aws-ebs-csi-driver \ - --cluster test-eks-deploy${{ github.event.number }} \ + --cluster ${{ env.CLUSTER_NAMME }} \ --region ${{ env.AWS_REGION }} \ - --service-account-role-arn arn:aws:iam::567970947422:role/eksctl-EBS-CSI-DriverRole-test-eks-deploy${{ github.event.number }} \ + --service-account-role-arn arn:aws:iam::567970947422:role/eksctl-EBS-CSI-DriverRole-${{ env.CLUSTER_NAMME }} \ --force - name: Create Wazuh indexer certificates @@ -196,7 +197,7 @@ jobs: if: always() run: | eksctl delete cluster \ - --name test-eks-deploy-${{ github.event.number }}-a \ + --name ${{ env.CLUSTER_NAMME }} \ --region ${{ env.AWS_REGION }} Local_deployment_test: From 04be563df25ac54cf77df850b91c81ff70e2970b Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 13 Nov 2024 14:38:21 -0300 Subject: [PATCH 19/27] Change env varaibles --- .github/workflows/deployment-test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
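Review bot: The new workflow-level variable in the `@@ -16,6 +16,7 @@` hunk is spelled `CLUSTER_NAMME`, and every later reference copies the typo; it works, but a maintainer adding a step will type `CLUSTER_NAME`, and an undefined `env.` reference expands to an empty string rather than failing. Its value also relies on `github.event.number`, which is empty for runs not triggered by a pull request (the `inputs.BRANCH_VERSION` reference elsewhere in the file suggests such triggers exist), so those runs would share the name `test-eks-deploy` and the `if: always()` delete step could remove a cluster another run is still using. Something like `CLUSTER_NAME: test-eks-deploy-${{ github.event.number || github.run_id }}` keeps the names unique per run.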
diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 0110a2ba..699e178f 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -112,11 +112,11 @@ jobs: - name: View Wazuh manager worker 1 logs run: kubectl logs wazuh-manager-worker-1 -n wazuh - - name: Save URLs for each component + - name: Set Wazuh service URLs run: | - echo 'DASHBOARD_URL=https://$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')' >> $GITHUB_ENV - echo 'INDEXER_URL=https://$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):9200' >> $GITHUB_ENV - echo 'MANAGER_URL=https://$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):55000' >> $GITHUB_ENV + echo "MANAGER_URL=https://$(kubectl get service wazuh -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):$(kubectl get service wazuh -n wazuh -o jsonpath='{.spec.ports[?(@.port==55000)].port}')" >> $GITHUB_ENV + echo "INDEXER_URL=https://$(kubectl get service indexer -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):$(kubectl get service indexer -n wazuh -o jsonpath='{.spec.ports[?(@.port==9200)].port}')" >> $GITHUB_ENV + echo "DASHBOARD_URL=https://$(kubectl get service dashboard -n wazuh -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):$(kubectl get service dashboard -n wazuh -o jsonpath='{.spec.ports[?(@.port==443)].port}')" >> $GITHUB_ENV - name: Check Wazuh indexer start run: | From 1a4089fefde82f6a0a634f6ab1a25d0e4b95b549 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Thu, 14 Nov 2024 08:05:14 -0300 Subject: [PATCH 20/27] Add a function for delete all volumes used --- .github/workflows/deployment-test.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 699e178f..ac01cef7 100644 
--- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -200,6 +200,18 @@ jobs: --name ${{ env.CLUSTER_NAMME }} \ --region ${{ env.AWS_REGION }} + - name: Delete EBS dynamic volumes + if: always() + run: | + for volume_id in $(aws ec2 describe-volumes \ + --region ${{ env.AWS_REGION }} \ + --filters Name=tag:Name,Values="${{ env.CLUSTER_NAMME }}" \ + --query "Volumes[].VolumeId" \ + --output text); do + echo "Eliminando volumen con ID: $volume_id" + ## aws ec2 delete-volume --region ${{ env.AWS_REGION }} --volume-id $volume_id + done + Local_deployment_test: runs-on: ubuntu-24.04 steps: From f0c253c0720ff7d7a3039d55df4f58e107b4a1b9 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Thu, 14 Nov 2024 08:46:22 -0300 Subject: [PATCH 21/27] Fix filter name --- .github/workflows/deployment-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index ac01cef7..c9a4e4ce 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -205,7 +205,7 @@ jobs: run: | for volume_id in $(aws ec2 describe-volumes \ --region ${{ env.AWS_REGION }} \ - --filters Name=tag:Name,Values="${{ env.CLUSTER_NAMME }}" \ + --filters Name=tag:Name,Values="${{ env.CLUSTER_NAMME }}*" \ --query "Volumes[].VolumeId" \ --output text); do echo "Eliminando volumen con ID: $volume_id" From 10f073f10f1b365014b284615308d96695736e3d Mon Sep 17 00:00:00 2001 From: vcerenu Date: Thu, 14 Nov 2024 09:35:10 -0300 Subject: [PATCH 22/27] Uncomment delete command --- .github/workflows/deployment-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index c9a4e4ce..2fe13bf0 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml 
@@ -209,7 +209,7 @@ jobs: --query "Volumes[].VolumeId" \ --output text); do echo "Eliminando volumen con ID: $volume_id" - ## aws ec2 delete-volume --region ${{ env.AWS_REGION }} --volume-id $volume_id + aws ec2 delete-volume --region ${{ env.AWS_REGION }} --volume-id $volume_id done Local_deployment_test: From 375081c651cb2149f9e02da8106bc04a9adf45a1 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Thu, 14 Nov 2024 10:36:47 -0300 Subject: [PATCH 23/27] Change volume filter --- .github/workflows/deployment-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 2fe13bf0..70fecebe 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -205,7 +205,7 @@ jobs: run: | for volume_id in $(aws ec2 describe-volumes \ --region ${{ env.AWS_REGION }} \ - --filters Name=tag:Name,Values="${{ env.CLUSTER_NAMME }}*" \ + --filters Name=tag:KubernetesCluster,Values="${{ env.CLUSTER_NAMME }}" \ --query "Volumes[].VolumeId" \ --output text); do echo "Eliminando volumen con ID: $volume_id" From bf32d12a2dc1f4211e03cfbb17b6bad32130536e Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 19 Nov 2024 09:14:34 -0300 Subject: [PATCH 24/27] Change region --- .github/workflows/deployment-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 70fecebe..7c45cbb6 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -15,7 +15,7 @@ permissions: contents: read # This is required for actions/checkout env: - AWS_REGION: us-east-1 + AWS_REGION: us-west-1 CLUSTER_NAMME: test-eks-deploy${{ github.event.number }} jobs: From 7d73198a43b37272c8af2145472c69ceb924d989 Mon Sep 17 00:00:00 2001 
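Review bot: With the `aws ec2 delete-volume` line enabled in the `@@ -209,7 +209,7 @@` hunk, the loop acts on every volume the tag filter returns, whatever its state, and under the runner's default `bash -e` the first failed delete ends the step and leaves the remaining volumes behind. Adding `Name=status,Values=available` to `--filters` limits it to detached volumes, and `aws ec2 delete-volume ... --volume-id "$volume_id" || echo "could not delete $volume_id"` lets the loop finish. The `tag:KubernetesCluster` filter in the following hunk assumes that tag is applied to the dynamically provisioned volumes; this is worth confirming on a real run, since an empty result makes the step succeed without deleting anything. The progress message is in Spanish while the rest of the workflow logs in English.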
From: vcerenu Date: Tue, 19 Nov 2024 13:04:01 -0300 Subject: [PATCH 25/27] Add a newline --- .github/workflows/deployment-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 7c45cbb6..3d368f80 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -351,4 +351,4 @@ jobs: else echo "Wazuh dashboard status: ${status}" exit 1 - fi \ No newline at end of file + fi From b11193877c74333c10dc268a0350f03fde1b40b8 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 20 Nov 2024 10:59:59 -0300 Subject: [PATCH 26/27] Add Changelog --- CHANGELOG.md | 42 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d487df29..4ac1537d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,19 +6,55 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh version [5.0.0](https://github.com/wazuh/wazuh/blob/v5.0.0/CHANGELOG.md#v500) +- New PR Checks ([#896](https://github.com/wazuh/wazuh-kubernetes/pull/896)) \- (Kubernetes workflow Test) + +### Changed + +- None + +### Fixed + +- None + +### Deleted + +- None ## [4.10.2] ### Added -- Update to Wazuh version [4.10.2](https://github.com/wazuh/wazuh/blob/v4.10.2/CHANGELOG.md#v4101) +- None + +### Changed + +- None + +### Fixed + +- None + +### Deleted + +- None ## [4.10.1] ### Added -- Update to Wazuh version [4.10.1](https://github.com/wazuh/wazuh/blob/v4.10.1/CHANGELOG.md#v4101) +- None + +### Changed + +- None + +### Fixed + +- None + +### Deleted + +- None ## [4.10.0] From 8549926c3e7793a1f94a107a226e5e2e1a7420d6 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Thu, 21 Nov 2024 06:59:42 -0300 Subject: [PATCH 27/27] Add Free disk space action --- .github/workflows/deployment-test.yml | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/.github/workflows/deployment-test.yml b/.github/workflows/deployment-test.yml index 3d368f80..6a62a2f7 100644 --- a/.github/workflows/deployment-test.yml +++ b/.github/workflows/deployment-test.yml @@ -220,6 +220,9 @@ jobs: with: ref: ${{ inputs.BRANCH_VERSION }} + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + - name: free disk space run: | sudo swapoff -a
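Review bot: The added step references `jlumbroso/free-disk-space@main`, a third-party action on a branch that can change at any time, so whatever is pushed there runs in this job with `sudo` available. The workflow-level `permissions` block shown earlier in the series grants `id-token: write` to all jobs, so that code could also request the OIDC token used for the AWS role. Pin the action to a full commit SHA, `uses: jlumbroso/free-disk-space@<full-commit-sha>  # <release tag>`, and, if the local job does not need AWS access, give it its own `permissions:` block with only `contents: read`. The `free disk space` run block that follows continues outside the hunk.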