Closed shrivastavshubham34 closed 5 years ago
Rules for ALB have been set up, but health checks are done over HTTP unlike NLB which uses TCP
Hi @shrivastavshubham34,
As you stated, the ALB doesn't support TCP so we recommend using ELB as loadbalancer.
If you simply want to expose the 1515 and 55000 ports you can do it using the default wazuh-master-svc.yaml:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: wazuh  # Don't change, unless you update the Wazuh Kibana app config
  namespace: wazuh
  labels:
    app: wazuh-manager
    # dns: route53
  annotations:
    # domainName: 'changeme'
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
spec:
  type: LoadBalancer
  selector:
    app: wazuh-manager
    node-type: master
  ports:
    - name: registration
      port: 1515
      targetPort: 1515
    - name: api
      port: 55000
      targetPort: 55000
```
It uses a loadbalancer from AWS which will forward stated ports to the pods.
Hope it helps, let me know if you have further questions
Best regards,
Jose
Nope, the issue is resolved after replacing ALB with NLB.
Thanks for the support!
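For readers looking for the NLB variant mentioned above, here is an added example (not from this thread or from the Wazuh repository) of the same Service requesting a Network Load Balancer through the in-tree AWS annotations. It assumes the agents live in the same VPC, so the load balancer is kept internal and restricted to a source range; the CIDR 10.0.0.0/16 is a constructed placeholder.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: wazuh  # Same name as the Service quoted above
  namespace: wazuh
  labels:
    app: wazuh-manager
  annotations:
    # Ask the AWS cloud provider for an NLB (layer 4, TCP listeners)
    # instead of an HTTP-only ALB.
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    # Assumption: agents are EC2 instances inside the VPC, so the
    # load balancer does not need a public address.
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  # Constructed placeholder: replace with the CIDR(s) your agents
  # actually connect from. This keeps the registration and API ports
  # from being reachable by arbitrary sources.
  loadBalancerSourceRanges:
    - 10.0.0.0/16
  selector:
    app: wazuh-manager
    node-type: master
  ports:
    - name: registration   # agent enrollment
      protocol: TCP
      port: 1515
      targetPort: 1515
    - name: api            # Wazuh API
      protocol: TCP
      port: 55000
      targetPort: 55000
```

After applying it, `kubectl -n wazuh get svc wazuh` shows the load balancer hostname under EXTERNAL-IP, and the listeners in the AWS console should be of type TCP on 1515 and 55000.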
Hi @shrivastavshubham34, I'm facing the same issue with my Wazuh deployment on Kubernetes. Can you please help me to replace the service with loadbalancer type to use the ingress controller here? I have been trying to find this solution for a long time but have not been able to. It would be really helpful for me if you could share your experience in detail here.
Hi @shrivastavshubham34, did you resolve this issue by using NLB instead of ALB?
I'm trying to deploy the Wazuh server in Kubernetes (I'm using your wazuh Kubernetes repo for reference). From there, I want to expose the Wazuh server to make it available for my other EC2 instances that are not part of my Kubernetes cluster. To do so, I'm creating an ALB Ingress Service to point to my Wazuh NodePort service at 1515 and 55000.
My Service looks like this:
ALB configuration looks like this:
And Ingress looks something like this
My AWS ALB works fine for other non-Wazuh services.
But somehow, I keep getting a 502 Bad Gateway from the URL every time I try to hit my Wazuh ingress endpoint. I tried to do tcpdump over my k8s nodes and did not see any 502-related information.
If I skip the Ingress installation and set up my Wazuh service as LoadBalancer it works without any problems. The difference I see while using LoadBalancer wazuh service is the Listener
ALB does not support TCP listeners. Is this what is stopping my other EC2 (Wazuh agent) instances that are not part of my Kubernetes cluster from communicating with the Wazuh server?