search

wazuh / wazuh-kubernetes

Wazuh - Wazuh Kubernetes
https://wazuh.com/
GNU General Public License v2.0
268 stars 164 forks source link

API connection failed in the kubernetes deploy #758

Closed Enaraque closed 3 months ago

Enaraque commented 3 months ago

Description

While testing https://github.com/wazuh/internal-devel-requests/issues/1257 and https://github.com/wazuh/wazuh/issues/24649, the deployment of v4.9.0-alpha2 has a problem with the API connection. Once the services are up correctly, the connection to the API fails.

Captura de pantalla 2024-07-17 a las 12 57 38

As you can see in the screenshot, this problem is due to the host being pointed to localhost instead of the corresponding load balancer.

vcerenu commented 3 months ago

The problem is generated because the file /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml is not found within the Docker image used.

The creation of the image was verified step by step and after the installation of the Wazuh dashboard package within the base image, the file does not exist.

The @wazuh/devel-dashboard team was consulted and they clarified that this file is generated after the first start. This is a problem for the Docker image because the service is never started until the end of the entrypoint, at the start of the container, so all the necessary configuration does not work and does not start correctly.

vcerenu commented 3 months ago

The wazuh.yml file was added in the creation of the Wazuh dashboard Docker image because that file is created after the first start of the service inside the container, which does not allow it to be configured because we cannot make changes after the start of the Wazuh dashboard service.

$ docker exec -it single-node_wazuh.dashboard_1 bash
bash-5.2$ cat data/wazuh/config/wazuh.yml 
---
#
# Wazuh app - App configuration file
# Copyright (C) 2017, Wazuh Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh app configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/current/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-dashboard-plugins
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh app starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.api     : true
#checks.setup   : true
#checks.metaFields: true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh app starts.
# Values must to be true or false.
#extensions.pci       : true
#extensions.gdpr      : true
#extensions.hipaa     : true
#extensions.nist      : true
#extensions.tsc       : true
#extensions.audit     : true
#extensions.oscap     : false
#extensions.ciscat    : false
#extensions.aws       : false
#extensions.gcp       : false
#extensions.virustotal: false
#extensions.osquery   : false
#extensions.docker    : false
#
# ---------------------------------- Time out ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh app requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# -------------------------------- API selector --------------------------------
#
# Defines if the user is allowed to change the selected
# API directly from the Wazuh app top menu.
# Default: true
#api.selector: true
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh app top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-*
#
# --------------------------------- wazuh-cron ----------------------------------
#
# Customize the index prefix of predefined jobs
# This change is not retroactive, if you change it new indexes will be created
# cron.prefix: test
#
# ------------------------------ wazuh-statistics -------------------------------
#
# Custom setting to enable/disable statistics tasks.
#cron.statistics.status: true
#
# Enter the ID of the APIs you want to save data from, leave this empty to run
# the task on all configured APIs
#cron.statistics.apis: []
#
# Define the frequency of task execution using cron schedule expressions
#cron.statistics.interval: 0 0 * * * *
#
# Define the name of the index in which the documents are to be saved.
#cron.statistics.index.name: statistics
#
# Define the interval in which the index will be created
#cron.statistics.index.creation: w
#
# ------------------------------- App privileges --------------------------------
#admin: true
#
# ---------------------------- Hide manager alerts ------------------------------
# Hide the alerts of the manager in all dashboards and discover
#hideManagerAlerts: false
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh App log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
# -------------------------------- Enrollment DNS -------------------------------
# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
# Default value: ''
#enrollment.dns: ''
#
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
#  - <id>:
#     url: http(s)://<url>
#     port: <port>
#     username: <username>
#     password: <password>
hosts:
  - 1513629884013:
      url: https://wazuh.manager
      port: 55000
      username: wazuh-wui
      password: MyS3cr37P450r.*-
      run_as: false
bash-5.2$
vcerenu commented 3 months ago

I have uploaded the images to my own repository and deployed Wazuh on EKS with these new images. The API configuration is correct.

$ kubectl get all -n wazuh
NAME                                   READY   STATUS            RESTARTS   AGE
pod/wazuh-dashboard-6494ff944c-hn9g6   1/1     Running           0          94s
pod/wazuh-indexer-0                    1/1     Running           0          93s
pod/wazuh-indexer-1                    0/1     PodInitializing   0          37s
pod/wazuh-manager-master-0             1/1     Running           0          92s
pod/wazuh-manager-worker-0             1/1     Running           0          92s
pod/wazuh-manager-worker-1             1/1     Running           0          92s

NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP                                                                       PORT(S)                          AGE
service/dashboard       LoadBalancer   10.100.208.6     a656f899987804da6a099020c7463b9f-686982118.us-west-1.elb.amazonaws.com            443:30414/TCP                    98s
service/indexer         LoadBalancer   10.100.100.191   a10c51abc590445388fce02d3a5cc0e4-591143061.us-west-1.elb.amazonaws.com            9200:31938/TCP                   97s
service/wazuh           LoadBalancer   10.100.162.73    a21cbc36a38164c87b4a443d0eb91d09-498945552.us-west-1.elb.amazonaws.com            1515:30560/TCP,55000:30981/TCP   97s
service/wazuh-cluster   ClusterIP      None             <none>                                                                            1516/TCP                         96s
service/wazuh-indexer   ClusterIP      None             <none>                                                                            9300/TCP                         95s
service/wazuh-workers   LoadBalancer   10.100.129.216   internal-acf9b719ef6494a39942864d32ddebcd-832291146.us-west-1.elb.amazonaws.com   1514:32696/TCP                   94s

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/wazuh-dashboard   1/1     1            1           95s

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/wazuh-dashboard-6494ff944c   1         1         1       95s

NAME                                    READY   AGE
statefulset.apps/wazuh-indexer          1/3     94s
statefulset.apps/wazuh-manager-master   1/1     93s
statefulset.apps/wazuh-manager-worker   2/2     93s
$ kubectl exec --stdin --tty -n wazuh pod/wazuh-dashboard-6494ff944c-hn9g6 -- /bin/bash
bash-5.2$ cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml 
---
#
# Wazuh app - App configuration file
# Copyright (C) 2017, Wazuh Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh app configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/current/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-dashboard-plugins
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh app starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.api     : true
#checks.setup   : true
#checks.metaFields: true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh app starts.
# Values must to be true or false.
#extensions.pci       : true
#extensions.gdpr      : true
#extensions.hipaa     : true
#extensions.nist      : true
#extensions.tsc       : true
#extensions.audit     : true
#extensions.oscap     : false
#extensions.ciscat    : false
#extensions.aws       : false
#extensions.gcp       : false
#extensions.virustotal: false
#extensions.osquery   : false
#extensions.docker    : false
#
# ---------------------------------- Time out ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh app requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# -------------------------------- API selector --------------------------------
#
# Defines if the user is allowed to change the selected
# API directly from the Wazuh app top menu.
# Default: true
#api.selector: true
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh app top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-*
#
# --------------------------------- wazuh-cron ----------------------------------
#
# Customize the index prefix of predefined jobs
# This change is not retroactive, if you change it new indexes will be created
# cron.prefix: test
#
# ------------------------------ wazuh-statistics -------------------------------
#
# Custom setting to enable/disable statistics tasks.
#cron.statistics.status: true
#
# Enter the ID of the APIs you want to save data from, leave this empty to run
# the task on all configured APIs
#cron.statistics.apis: []
#
# Define the frequency of task execution using cron schedule expressions
#cron.statistics.interval: 0 0 * * * *
#
# Define the name of the index in which the documents are to be saved.
#cron.statistics.index.name: statistics
#
# Define the interval in which the index will be created
#cron.statistics.index.creation: w
#
# ------------------------------- App privileges --------------------------------
#admin: true
#
# ---------------------------- Hide manager alerts ------------------------------
# Hide the alerts of the manager in all dashboards and discover
#hideManagerAlerts: false
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh App log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
# -------------------------------- Enrollment DNS -------------------------------
# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
# Default value: ''
#enrollment.dns: ''
#
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
#  - <id>:
#     url: http(s)://<url>
#     port: <port>
#     username: <username>
#     password: <password>
hosts:
  - 1513629884013:
      url: https://wazuh-manager-master-0.wazuh-cluster
      port: 55000
      username: wazuh-wui
      password: MyS3cr37P450r.*-
      run_as: false
bash-5.2$

image

c-bordon commented 3 months ago

LGTM