Open 0xThegarlic opened 1 year ago
Hey @0xThegarlic,
I think you have to deploy to one of the namespaces that start with openshift- or to the default namespace; this allows running as root or another user. If not, patch the SCC with anyuid. This should fix it.
Hi, I tried to deploy Wazuh on the OpenShift platform as part of monitoring some servers, following the documentation for deploying Wazuh on Kubernetes. Unfortunately, I was not able to deploy Wazuh on OpenShift: after my deployment, none of my pods were started and I still had this error message saying: /bin/bash: entrypoint.sh: Permission denied
Not understanding this problem, I started to do some research on the internet and I came across a document from OpenShift that explained that pods start with very restrictive rights on OpenShift, so I decided to pause the pod with the command: command: ["sh", "-c", "while true; do sleep 5; done"]. Indeed, I noticed that the pod was starting with a random user 1009430000, and we can see that the entrypoint.sh file is executable only by the wazuh-dashboard user.
From there, I used these resources:
To allow my user 1009430000 to have the necessary permissions to perform my Wazuh deployment, but that didn't work either. Not finding any solution, I decided to rebuild the Wazuh project via build-docker-images (https://github.com/wazuh/wazuh-docker/tree/master/build-docker-images) by changing the group and the UID of the wazuh-dashboard user. So I made a modification in the Dockerfile, in the part that creates the wazuh-dashboard user, like this:
After the build, I had the same problem on the indexer pod, and I also modified the Dockerfile of the indexer like this:
After these configurations, my pods were starting but I was facing a new problem with rights on files in the conf and cert directory and other problems.
kubectl get pod
For my dashboard pod:
For my indexer pod:
For my manager pod:
When I do the port forward, I also could not access the dashboard from the web interface, because the API cannot be contacted by the dashboard.
If you can figure out the problem, please let me know.
Thank you in advance!
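The "Permission denied" on entrypoint.sh and the later errors on the conf and cert directories can be located with a permission audit run inside the paused pod. The script below is an added example, not code from this issue or from the Wazuh images; `tag` and `audit_arbitrary_uid` are hypothetical names, and it assumes the container runs with an arbitrary UID that is a member of group 0 only, as under OpenShift's default restricted SCC.

```shell
#!/bin/sh
# Added example (not from the issue or the Wazuh images).
# Assumption: the container runs with an arbitrary UID that is only a
# member of group RUNTIME_GID (0 under OpenShift's restricted SCC), so a
# file's group bits apply when its group matches, else its "other" bits.

# tag LABEL: prefix each path read from stdin with LABEL and a tab.
tag() {
    while IFS= read -r p; do
        printf '%s\t%s\n' "$1" "$p"
    done
}

# audit_arbitrary_uid DIR [RUNTIME_GID]
# Lists every entry where the owner holds a permission bit that the
# arbitrary-UID process would not get.
audit_arbitrary_uid() {
    dir=$1
    gid=${2:-0}
    for bit in r:4 w:2 x:1; do
        name=${bit%%:*}
        n=${bit##*:}
        # Entry's group is the runtime GID: the group bits decide.
        find "$dir" -group "$gid" -perm "-0${n}00" ! -perm "-00${n}0" -print |
            tag "group-lacks-$name"
        # Any other group: the process falls through to the "other" bits.
        find "$dir" ! -group "$gid" -perm "-0${n}00" ! -perm "-000${n}" -print |
            tag "other-lacks-$name"
    done
}

# Example (path is a placeholder): audit_arbitrary_uid /path/to/app/dir 0
```

Entries it reports are usually fixed at image build time by giving them group 0 and group permissions equal to the owner's (`chgrp -R 0` and `chmod -R g=u` on the affected directories), which avoids granting the anyuid SCC.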