wazuh / wazuh-kubernetes

Wazuh - Wazuh Kubernetes
https://wazuh.com/
GNU General Public License v2.0

how to change namespace from other than wazuh #627

Closed ghalib9001 closed 1 month ago

ghalib9001 commented 5 months ago

Hello, we are trying to deploy this in Kubernetes in a dev and production environment and we need to isolate it based on the namespace. Is there a way for us to use a custom namespace with this? Something like wazuh-dev, wazuh-prod? We tried changing the namespace, but when we did, the agents would not connect for some reason. They would show up in the dashboard but would never go past the "never connected" stage. Thanks.

Thorgrym commented 5 months ago

Is the agent connecting properly when you don't change the namespace? If not, the problem could be this: https://github.com/wazuh/wazuh-kubernetes/issues/547

ghalib9001 commented 4 months ago

Yes, the agents are connecting fine when we set the namespace to wazuh. Btw, we're using wazuh 4.7.2 for the server and the agents.

crlsgms commented 4 months ago

I managed to change the namespace by creating it first on Kubernetes (I'm using rancher + longhorn + rke)

the main reference is the wazuh/base/wazuh-ns.yaml file:

apiVersion: v1
kind: Namespace
metadata:
  name: change-to-the-already-created-namespace

and a rough sed, probably not the best way, but works for now: go to the root wazuh-kubernetes folder and run

grep -r "namespace: wazuh" | cut -d: -f1 | xargs sed -i 's/namespace: wazuh/namespace: change-to-the-already-created-namespace/g'

crlsgms commented 2 months ago

Please ignore my suggestion, as it will replace the namespace globally and that will break some other services.

The correct goal was for it to be set on the main kustomization.yaml and be pushed globally to all deployments in the overlays (eks / local-env)

it actually works on deployment, but it breaks communication between the worker nodes and each other if the namespace is not wazuh overall.

I'm trying to compare here and debug what is the difference on a custom namespace and wazuh namespace, as when I try to register agents it will only work if the deployment was done to wazuh namespace.

crlsgms commented 2 months ago

update on my lab testing, for example I have two namespaces, dummyclient and wazuh.

I used the default wazuh-kubernetes-4.8.0 kustomize default packages, only change I did was on the root kustomize.yaml and changed the namespace from wazuh to dummyclient.

doing this the deployment works fine, dashboard works, filebeat also, but the workers cannot connect to the cluster manager


crlsgms commented 2 months ago

the issue can be solved by adding the new namespace in the ossec.conf files, as the expected pod hostname is hardcoded:

  <cluster>
    <name>wazuh</name>
    <node_name>wazuh-manager-master</node_name>
    <node_type>master</node_type>
    <key>to_be_replaced_by_cluster_key</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>wazuh-manager-master-0.wazuh-cluster.wazuh</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>

kubernetes default dns host format is as follows: <service-name>.<namespace>.<cluster-name>:<service-port>

so the namespace must follow the one with the kustomize deployment
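
The namespace mismatch described in the comment above can be checked and corrected without a repository-wide sed. The following is an added example, not part of the thread or of the wazuh-kubernetes repository; the function names are hypothetical, and it assumes one `<node>` entry per line in the three-label form pod.service.namespace shown in the excerpt.

```shell
# Added example (not from the wazuh-kubernetes repo). Function names are
# hypothetical. Assumes one <node> per line, each written as
# pod.service.namespace, as in the ossec.conf excerpt in the thread.

# Cluster block trimmed from the thread's excerpt, used as sample input.
sample_conf() {
  cat <<'EOF'
  <cluster>
    <name>wazuh</name>
    <node_name>wazuh-manager-master</node_name>
    <nodes>
        <node>wazuh-manager-master-0.wazuh-cluster.wazuh</node>
    </nodes>
  </cluster>
EOF
}

# Print every <node> value found on stdin, one per line.
list_nodes() {
  sed -n -E 's#.*<node>[[:space:]]*([^<[:space:]]+)[[:space:]]*</node>.*#\1#p'
}

# Print nodes that are not pod.service.<namespace> for the namespace in $1.
# Returns 0 when every node matches, 1 otherwise.
mismatched_nodes() {
  list_nodes | awk -F. -v ns="$1" 'NF != 3 || $3 != ns { print; bad = 1 } END { exit bad }'
}

# Rewrite only the namespace label inside <node> elements. Other settings,
# such as <name>wazuh</name> and <node_name>, are left untouched.
retarget_nodes() {
  case "$1" in
    ''|*[!a-z0-9-]*|-*|*-) echo "invalid namespace: $1" >&2; return 2 ;;
  esac
  sed -E "s#(<node>[[:space:]]*[^<.[:space:]]+\.[^<.[:space:]]+\.)[^<.[:space:]]+([[:space:]]*</node>)#\1${1}\2#"
}

# Demo: retarget the sample to the "dummyclient" namespace used in the thread,
# then confirm that no node entry still points elsewhere.
sample_conf | retarget_nodes dummyclient | mismatched_nodes dummyclient \
  && echo "all <node> entries match namespace dummyclient"
```

Entries written as longer FQDNs are left unchanged by `retarget_nodes` and are reported by `mismatched_nodes`, so they can be reviewed by hand.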

davidjiglesias commented 1 month ago

We are redesigning our Kubernetes deployment for 5.0.0.