wazuh / wazuh-kubernetes

Wazuh - Wazuh Kubernetes
https://wazuh.com/
GNU General Public License v2.0

Wazuh managers cluster in Kubernetes behind an AWS Application Load Balancer? #62

Closed shrivastavshubham34 closed 5 years ago

shrivastavshubham34 commented 5 years ago

I'm trying to deploy the Wazuh server in Kubernetes (I'm using your wazuh Kubernetes repo for reference). From there, I want to expose the Wazuh server to make it available for my other EC2 instances that are not part of my Kubernetes cluster. To do so, I'm creating an ALB Ingress Service to point to my Wazuh NodePort service at 1515 and 55000.

My Service looks like this:

apiVersion: v1
kind: Service
metadata:
  name: wazuh
  namespace: wazuh
  labels:
    app: wazuh-manager
spec:
  type: NodePort
  selector:
    app: wazuh-manager
    node-type: master
  ports:
    - name: registration
      port: 1515
      targetPort: 1515
    - name: api
      port: 55000
      targetPort: 55000

ALB configuration looks like this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: monitoring-ingress
  namespace: wazuh
data:
  annotations: |
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal

And the Ingress looks something like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: wazuh-manager
  namespace: wazuh
  labels:
    app: wazuh-manager
  annotations:
    kubernetes.io/ingress.class: merge
    merge.ingress.kubernetes.io/config: monitoring-ingress
spec:
  rules:
    - host: wazuhmanager.nonprod.com
      http:
        paths:
          - path: /*
            backend:
              serviceName: wazuh
              servicePort: 55000

My AWS ALB works fine for other non-Wazuh services.

But somehow, I keep getting a 502 Bad Gateway from the URL every time I try to hit my Wazuh ingress endpoint. I tried running tcpdump on my k8s nodes and did not see any 502-related information.


If I skip the Ingress installation and set up my Wazuh service as LoadBalancer, it works without any problems. The difference I see while using the LoadBalancer Wazuh service is the Listener.

ALB does not support TCP listeners. Is this what is stopping my other EC2 (Wazuh agent) instances that are not part of my Kubernetes cluster from communicating with the Wazuh server?

shrivastavshubham34 commented 5 years ago

Rules for the ALB have been set up, but health checks are done over HTTP, unlike the NLB, which uses TCP.

jm404 commented 5 years ago

Hi @shrivastavshubham34 ,

As you stated, the ALB doesn't support TCP, so we recommend using an ELB as the load balancer.

If you simply want to expose ports 1515 and 55000, you can do it using the default wazuh-master-svc.yaml:

apiVersion: v1
kind: Service
metadata:
  name: wazuh  # Don't change, unless you update the Wazuh Kibana app config
  namespace: wazuh
  labels:
    app: wazuh-manager
    # dns: route53
  annotations:
    # domainName: 'changeme'
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
spec:
  type: LoadBalancer
  selector:
    app: wazuh-manager
    node-type: master
  ports:
    - name: registration
      port: 1515
      targetPort: 1515
    - name: api
      port: 55000
      targetPort: 55000

It uses an AWS load balancer, which forwards the stated ports to the pods.

Hope it helps; let me know if you have further questions.

Best regards,

Jose
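
The checks below are an added example for this thread, not code from the wazuh-kubernetes project. They encode the two conclusions above as a pre-deploy lint: an ALB-class Ingress whose backend is a Wazuh manager port (1514, 1515 or 55000) is flagged, because the ALB has no TCP listeners, and a NodePort Service is rewritten the way wazuh-master-svc.yaml does it (type LoadBalancer with the aws-load-balancer-backend-protocol: tcp annotation, plus the aws-load-balancer-type: nlb annotation for the NLB the reporter ended up using). The manifests are constructed in dict form to avoid a YAML dependency and mirror the ones posted in this issue; the function names and the port/role table are this example's own assumptions.

```python
"""Lint an Ingress/Service pair for the ALB-in-front-of-Wazuh pattern.
Added example for this issue thread; not part of the wazuh-kubernetes project."""

import copy

# Wazuh manager ports that are not plain HTTP behind an L7 proxy (assumed table).
# 1514 is agent communication and 1515 is agent registration, both raw TCP, so an
# ALB cannot route them at all; 55000 is the Wazuh API, which this thread also
# moves behind the TCP load balancer.
WAZUH_TCP_PORTS = {1514: "agent communication",
                   1515: "agent registration",
                   55000: "Wazuh API"}

INGRESS_CLASS_ANNOTATION = "kubernetes.io/ingress.class"
AWS_BACKEND_PROTOCOL = "service.beta.kubernetes.io/aws-load-balancer-backend-protocol"
AWS_LB_TYPE = "service.beta.kubernetes.io/aws-load-balancer-type"

# --- constructed sample manifests, mirroring the ones posted above -----------
SERVICE_NODEPORT = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "wazuh", "namespace": "wazuh"},
    "spec": {"type": "NodePort",
             "selector": {"app": "wazuh-manager", "node-type": "master"},
             "ports": [{"name": "registration", "port": 1515, "targetPort": 1515},
                       {"name": "api", "port": 55000, "targetPort": 55000}]},
}

INGRESS_ALB = {
    "apiVersion": "extensions/v1beta1", "kind": "Ingress",
    "metadata": {"name": "wazuh-manager", "namespace": "wazuh",
                 "annotations": {INGRESS_CLASS_ANNOTATION: "alb",
                                 "alb.ingress.kubernetes.io/scheme": "internal"}},
    "spec": {"rules": [{"host": "wazuhmanager.nonprod.com",
                        "http": {"paths": [{"path": "/*",
                                            "backend": {"serviceName": "wazuh",
                                                        "servicePort": 55000}}]}}]},
}


def ingress_class(ingress):
    """Ingress class from the legacy annotation or spec.ingressClassName."""
    ann = ingress.get("metadata", {}).get("annotations", {})
    return ann.get(INGRESS_CLASS_ANNOTATION) or ingress.get("spec", {}).get("ingressClassName")


def ingress_backends(ingress):
    """Yield (service_name, port_ref) for every path, accepting both the
    extensions/v1beta1 and the networking.k8s.io/v1 backend shapes."""
    for rule in ingress.get("spec", {}).get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            backend = path.get("backend", {})
            if "serviceName" in backend:                      # extensions/v1beta1
                yield backend["serviceName"], backend.get("servicePort")
            elif "service" in backend:                        # networking.k8s.io/v1
                port = backend["service"].get("port", {})
                yield backend["service"]["name"], port.get("number", port.get("name"))


def resolve_port(service, port_ref):
    """Map a servicePort reference (number or name) to the numeric Service port."""
    for p in service.get("spec", {}).get("ports", []):
        if port_ref in (p.get("port"), p.get("name")):
            return p.get("port")
    return None


def lint_ingress(ingress, services):
    """Findings for ALB-class Ingress paths that target a Wazuh manager port."""
    findings = []
    if ingress_class(ingress) != "alb":
        return findings
    by_name = {s["metadata"]["name"]: s for s in services}
    for svc_name, port_ref in ingress_backends(ingress):
        svc = by_name.get(svc_name)
        port = resolve_port(svc, port_ref) if svc else port_ref
        if port in WAZUH_TCP_PORTS:
            findings.append(
                f"ALB Ingress {ingress['metadata']['name']} -> {svc_name}:{port} "
                f"({WAZUH_TCP_PORTS[port]}): ALB has no TCP listeners; expose this "
                f"port with a Service of type LoadBalancer (NLB/ELB) instead")
    return findings


def to_tcp_load_balancer(service, use_nlb=True):
    """Copy of `service` rewritten like wazuh-master-svc.yaml: type LoadBalancer
    with backend-protocol tcp. With use_nlb the in-tree AWS provider creates an
    NLB (the fix confirmed in this thread) instead of a classic ELB."""
    fixed = copy.deepcopy(service)
    fixed["spec"]["type"] = "LoadBalancer"
    ann = fixed.setdefault("metadata", {}).setdefault("annotations", {})
    ann[AWS_BACKEND_PROTOCOL] = "tcp"
    if use_nlb:
        ann[AWS_LB_TYPE] = "nlb"
    return fixed


if __name__ == "__main__":
    for finding in lint_ingress(INGRESS_ALB, [SERVICE_NODEPORT]):
        print("FINDING:", finding)
    fixed = to_tcp_load_balancer(SERVICE_NODEPORT)
    print("fixed service:", fixed["spec"]["type"], fixed["metadata"]["annotations"])
```

Run as a script it reports the 55000 backend behind the ALB and prints the rewritten Service; wiring `lint_ingress` into a CI step over rendered manifests catches the pattern before an ALB returns 502s in production.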

shrivastavshubham34 commented 5 years ago

Nope, the issue is resolved after replacing the ALB with an NLB.

shrivastavshubham34 commented 5 years ago

Thanks for the support!

khasim4A2 commented 3 years ago

Hi @shrivastavshubham34, I'm facing the same issue with my Wazuh deployment on Kubernetes. Can you please help me replace the service with a LoadBalancer type to use the ingress controller here? I have been trying to find this solution for a long time but have not been able to. It would be really helpful if you could share your experience in detail here.

dashashutosh24 commented 1 year ago

Hi @shrivastavshubham34, did you resolve this issue by using an NLB instead of an ALB?