wazuh / wazuh-kubernetes

Wazuh - Wazuh Kubernetes
https://wazuh.com/
GNU General Public License v2.0

Adapt VD to Wazuh Keystore for Indexer configuration #573

Closed davidcr01 closed 7 months ago

davidcr01 commented 7 months ago

Description

Related:

Due to the refactoring of the Vulnerability Detector module, the configuration of the indexer has changed. These changes in the Wazuh Kubernetes deployment were done here: PR. Now, these configurations must be modified again.

Changes

The following code should be removed:

https://github.com/wazuh/wazuh-kubernetes/blob/c9a2f03efb499b7a3ad840bc842147797b2f1292/wazuh/wazuh_managers/wazuh_conf/master.conf#L117-L118

https://github.com/wazuh/wazuh-kubernetes/blob/c9a2f03efb499b7a3ad840bc842147797b2f1292/wazuh/wazuh_managers/wazuh_conf/worker.conf#L117-L118

The rest of the changes have been done in the Wazuh docker repository, so it is not necessary to change more code: https://github.com/wazuh/wazuh-docker/pull/1196

With further details of the new tool, the requirements may change and be more precise.

teddytpc1 commented 7 months ago

These changes are working fine. However, the Wazuh manager is not able to connect to the Wazuh indexer because of a certificate domain issue. The Wazuh indexer certificate is signed for the *.wazuh-indexer domain. This allows the Wazuh indexer pods to use the same certificates, and it is needed if the user needs to add more replicas to the StatefulSet. With the Wazuh manager VD change, the connection to the Wazuh indexer is not working because the *.wazuh-indexer domain does not match wazuh-indexer-1.wazuh-indexer. This is related to the - used in the domain. We ran some tests using domains without - and it works. So, we will open a new issue to modify the certificate generation and service URLs/domains to make it work.