wazuh / wazuh-kubernetes

Wazuh - Wazuh Kubernetes
https://wazuh.com/
GNU General Public License v2.0

Wazuh on OpenShift #241

Open ghost opened 2 years ago

ghost commented 2 years ago

Hi,

This repository seems to be for Amazon EKS.

Is Red Hat OpenShift supported?

On OpenShift there are Security Context Constraints (SCC), which are nice for enforcing security on the OpenShift cluster. But installation fails on OpenShift as the SYS_CHROOT capability is not allowed on OpenShift.

On Elastic this seems to be resolved by using a route on OpenShift.

https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-openshift.html

Any plan to support OpenShift in the future? Or to provide instructions on how to install Wazuh on OpenShift?

teddytpc1 commented 2 years ago

Hi @stafwag-idirect. OpenShift is not supported by the current Kubernetes deployment and it is not in our roadmap at the moment. We will analyze the possibility of including it in the future.

pugetc commented 1 year ago

Hi, we are also interested in using Wazuh on our OpenShift clusters. Is there any update on this topic? Thanks.

teddytpc1 commented 1 year ago

Hi @pugetc. No, we do not have updates on this topic yet.

Akitash commented 8 months ago

@pugetc I can say that I was able to set up Wazuh 4.7.2 in an OpenShift/OKD cluster and the instances run without any problems. However, it takes a while to get through to the repo.

I'm running Wazuh on OKD-4.13/4.15

habscout commented 5 months ago

@pugetc I can say that I was able to set up Wazuh 4.7.2 in an OpenShift/OKD cluster and the instances run without any problems. However, it takes a while to get through to the repo.

I'm running Wazuh on OKD-4.13/4.15

I am very interested to learn how you were able to set up Wazuh in an OpenShift/OKD cluster. Please share.

Akitash commented 5 months ago

@habscout

I am very interested to learn how you were able to set up Wazuh in an OpenShift/OKD cluster. Please share.

I've simply created some ServiceAccounts, assigned them, and also created some SecurityContextConstraints for the service accounts that I created before: wazuh-manager-worker, wazuh-manager-master, wazuh-indexer, wazuh-dashboard. It is not the best SecurityContextPolicy but it works. The SCC looks like:

---
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: wazuh-scc
allowPrivilegedContainer: false
allowedCapabilities:
- SYS_CHROOT
runAsUser:
  type: MustRunAs
  uid: 101
seLinuxContext:
  type: MustRunAs
fsGroup:
  type: MustRunAs
  ranges:
  - min: 101
    max: 101
supplementalGroups:
  type: MustRunAs
  ranges:
  - min: 101
    max: 101
users:
- system:serviceaccount:wazuh:wazuh-manager-worker
- system:serviceaccount:wazuh:wazuh-manager-master
- system:serviceaccount:wazuh:wazuh-indexer
- system:serviceaccount:wazuh:wazuh-dashboard

For the connection I created an ingress that matches all ports.
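
The SCC in the comment above is described as "not the best" but working. As an added example (not part of the thread and not Wazuh project code), the following Python script reviews that manifest for least-privilege gaps. The manifest is transcribed into a dict so no YAML parser is needed, and the check IDs are hypothetical names chosen for this example.

```python
# Added example (not from the thread): least-privilege review of an SCC.
# SCC_FROM_THREAD transcribes the manifest posted above into a dict so no YAML
# parser is needed; the check IDs are hypothetical names chosen here.
SA = ("wazuh-manager-worker", "wazuh-manager-master", "wazuh-indexer", "wazuh-dashboard")
GID_101 = {"type": "MustRunAs", "ranges": [{"min": 101, "max": 101}]}
SCC_FROM_THREAD = {
    "metadata": {"name": "wazuh-scc"},
    "allowPrivilegedContainer": False,
    "allowedCapabilities": ["SYS_CHROOT"],
    "runAsUser": {"type": "MustRunAs", "uid": 101},
    "seLinuxContext": {"type": "MustRunAs"},
    "fsGroup": GID_101,
    "supplementalGroups": GID_101,
    "users": ["system:serviceaccount:wazuh:" + name for name in SA],
}
HOST_FLAGS = ("allowHostNetwork", "allowHostPID", "allowHostIPC",
              "allowHostPorts", "allowHostDirVolumePlugin")


def review_scc(scc):
    """Return (check_id, detail) findings for one SCC given as a dict."""
    out = []
    caps = scc.get("allowedCapabilities") or []
    subjects = (scc.get("users") or []) + (scc.get("groups") or [])
    if scc.get("allowPrivilegedContainer"):
        out.append(("PRIVILEGED", "privileged containers allowed"))
    out += [("HOST_ACCESS", f + " is enabled") for f in HOST_FLAGS if scc.get(f)]
    if caps:
        out.append(("CAP_ALLOWED", "pods may add: " + ", ".join(caps)))
        if len(subjects) > 1:
            out.append(("CAP_SHARED", "%d subjects share that grant" % len(subjects)))
    # An unset allowPrivilegeEscalation defaults to true in the SCC API.
    if scc.get("allowPrivilegeEscalation") is not False:
        out.append(("PRIV_ESC", "privilege escalation is not disabled"))
    if not scc.get("requiredDropCapabilities"):
        out.append(("NO_DROP", "no capabilities are force-dropped"))
    run_as = scc.get("runAsUser") or {}
    if run_as.get("type") == "RunAsAny" or run_as.get("uid") == 0:
        out.append(("ROOT_UID", "containers may run as UID 0"))
    if "*" in (scc.get("volumes") or []):
        out.append(("ANY_VOLUME", "every volume type is allowed"))
    return out


if __name__ == "__main__":
    for check_id, detail in review_scc(SCC_FROM_THREAD):
        print(check_id + ": " + detail)
```

Each finding is a prompt for review rather than proof of a problem: whether all four service accounts need SYS_CHROOT, for instance, has to be confirmed against the workloads themselves.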