Deployment on local environment
This guide describes the necessary steps to deploy Wazuh on a local Kubernetes environment (Microk8s, Minikube, Kind).
Here we will describe the steps unique for a deployment on a local development scenario. For general knowledge read Kubernetes configuration as well which describes a deployment in more detail using an EKS cluster.
Pre-requisites
Kubernetes cluster already deployed.
Resource Requirements
To deploy the local-env variant the Kubernetes cluster should have at least the following resources available:
2 CPU units
3 Gi of memory
2 Gi of storage
Deployment
Clone this repository:
$ git clone https://github.com/wazuh/wazuh-kubernetes.git -b v4.1.5 --depth=1 $ cd wazuh-kubernetes
Setup SSL certificates
You can generate self-signed certificates for the ODFE cluster using the script at wazuh/certs/odfe_cluster/generate_certs.sh
or provide your own.
Since Kibana has HTTPS enabled it will require its own certificates, these may be generated with: openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
, there is an utility script at wazuh/certs/kibana_http/generate_certs.sh
to help with this.
The required certificates are imported via secretGenerator on the kustomization.yml
file:
secretGenerator: - name: odfe-ssl-certs files: - certs/odfe_cluster/root-ca.pem - certs/odfe_cluster/node.pem - certs/odfe_cluster/node-key.pem - certs/odfe_cluster/kibana.pem - certs/odfe_cluster/kibana-key.pem - certs/odfe_cluster/admin.pem - certs/odfe_cluster/admin-key.pem - certs/odfe_cluster/filebeat.pem - certs/odfe_cluster/filebeat-key.pem - name: kibana-certs files: - certs/kibana_http/cert.pem - certs/kibana_http/key.pem
Setup storage class
Depending on the type of cluster you're running for local development the Storage Class may have a different provisioner.
You can check yours by running kubectl get sc
. You will see something like this:
$ kubectl get sc NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE elk-gp2 microk8s.io/hostpath Delete Immediate false 67d microk8s-hostpath (default) microk8s.io/hostpath Delete Immediate false 54d
The provisioner column displays microk8s.io/hostpath, you must edit the file envs/local-env/storage-class.yaml and setup this provisioner.
Apply all manifests using kustomize
We are using the overlay feature of Kustomize two create two variants: eks
and local-env
, in this guide we're using local-env
. (For a production deployment on EKS check the guide on Kubernetes configuration)
It is possible to adjust resources for the cluster by editing patches on envs/local-env/
, the number of replicas for Elasticsearch nodes and Wazuh workers are reduced on the local-env variant to save resources. This could be undone by removing these patches from the kustomization.yaml
or alter the patches themselves with different values.
By using the kustomization file on the local-env
variant we can now deploy the whole cluster with a single command:
$ kubectl apply -k envs/local-env/
Accessing Kibana
To access the Kibana interface you can use port-forward:
$ kubectl -n wazuh port-forward service/kibana 8443:443
Kibana will be accesible on https://localhost:8443
.