High Availability Wazuh-Opensearch in Kubernetes

[victorrodriguez1984]

Version: 4.4.5 Environment: Kubernetes self managed

Hello, I am renewing certs in wazuh kubernetes for opensearch and trying to provide HA to Opensearch from wazuh cluster, URL etc...

Everything works under "demo" domain and custom domain but I am having problem trying to provide HA to Opensearch Cluster.

Therefore I generated a LB service for 9200 and add new Certs with SAN cert domains

Basically Master and Workers are looking only in demo part for a single indexer and HA is not possible only trying to connecto to a wazuh-indexer-0...if this indexer is down all cluster is down.

Master and worker configs: INDEXER_URL cannot be a List right, then LB is neccesary right?

            - name: INDEXER_URL
              # value: 'https://wazuh-indexer-0.wazuh-indexer:9200' # Default
              value: 'https://indexer.siem.svc.cluster.local:9200'  #LB Service
certificates
            - name: INDEXER_USERNAME
              valueFrom:
                secretKeyRef:
                  name: indexer-cred
                  key: username
            - name: INDEXER_PASSWORD
Opensearch.yaml config:
  opensearch.yml: |-
    cluster.name: ${CLUSTER_NAME}
    node.name: ${NODE_NAME}
    network.host: ${NETWORK_HOST}
    discovery.seed_hosts: 
       - wazuh-indexer-0.wazuh-indexer
       - wazuh-indexer-1.wazuh-indexer
    cluster.initial_master_nodes: 
       - wazuh-indexer-0
       - wazuh-indexer-1
    node.max_local_storage_nodes: "3"
    path.data: /var/lib/wazuh-indexer
    path.logs: /var/log/wazuh-indexer
    plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
    plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
    plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
    plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
    plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
    plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
    plugins.security.ssl.http.enabled: true
    plugins.security.ssl.transport.enforce_hostname_verification: false
    plugins.security.ssl.transport.resolve_hostname: false
    plugins.security.authcz.admin_dn:
      - CN=admin,O=ISCP,L=Madrid,C=ES
    plugins.security.check_snapshot_restore_write_privileges: true
    plugins.security.enable_snapshot_restore_privilege: true
    plugins.security.nodes_dn:
      - CN=*.wazuh-indexer,O=ISCP,L=Madrid,C=ES
      - CN=*.siem.svc.cluster.local,O=ISCP,L=Madrid,C=ES
      - CN=wazuh-indexer.x-siem.svc.cluster.local,O=ISCP,L=Madrid,C=ES     
    plugins.security.restapi.roles_enabled:
    - "all_access"
    - "security_rest_api_access"
    plugins.security.allow_default_init_securityindex: true
    cluster.routing.allocation.disk.threshold_enabled: false
    compatibility.override_main_response_version: true
Certificate info:
Certificate Information:
Common Name: *.wazuh-indexer
Subject Alternative Names: indexer.x-siem.svc.cluster.local, *.x-siem.svc.cluster.local
Organization: ISCP
Organization Unit: ISCP
Locality: Madrid
State: Spain
Country: ES
Valid From: October 18, 2023
Valid To: October 15, 2033
Issuer: root-ca, ISCP
Key Size: 2048 bit
Serial Number: 534e003402b49288f4ece89aa7d2c0766fa3ace6

Problem:
Master Cannot connect to Elasticsearch
Opensearch "Unkown Certificate"

Does anyone provide HA in Opensearch for Wazuh Kubernetes?

[victorrodriguez1984]

Any update or at least doc update providing Opensearch stack High Availability?