wazuh-helm icon indicating copy to clipboard operation
wazuh-helm copied to clipboard
verified publisher icon morgoved

wazuh-agent issues

Open DJSwitchCase opened this issue 2 months ago • 7 comments

I couldn't get it to work. There is a number of things wrong:

  1. The memory limit is lower than the memory request;
  2. podSecurityContext.privileged.true and securityContext.privileged.true statements can't be validated by kubernetes;
  3. JOIN_MANAGER_WORKER_HOST value uses "wazuh" namespace instead of the appointed one by release;
  4. Finally, the image opennix/wazuh-agent:4.12.0 just doesn't exist. The latest version from this repo is 4.11.1. If you use it, the agent gets shutdown by the manager after about 5 minutes of working and then restarts. Maybe it's because all the other components use wazuh/wazuh...:4.12.0 images?

I would gladly make a merge request fixing the first 3 issues at least but I just can't start it up, man. How are you running the agent if not by using this chart? Are you installing it on bare metal and pointing to the ingress of the wazuh service?

DJSwitchCase avatar Oct 08 '25 19:10 DJSwitchCase

Hm maybe they removed 4.12 - yes sure you can do PR but what about podSecurityContext.privileged.true and securityContext.privileged.true ? Can you add some description?

morgoved avatar Oct 08 '25 20:10 morgoved

I was able to successfully deploy the agent by using a version lower than the manager's. The version that is currently functional is 4.11.1, which appears to be the only viable option until the Helm chart is officially updated.

Pary09 avatar Oct 17 '25 10:10 Pary09

Thank you for this chart! I am new to wazuh and SIEMs in general and it is a steep learning curve.

I've been looking at getting the latest v4.14 images including the wazuh/wazuh-agent:4.14.0 image working.

I am still testing this, so a PR back to upstream (here) is likely delayed.

and am testing it as a whole, with other 4.14 image changes as

    dependencies:
      - name: wazuh
        version: "0.3.3-markus-mnm-agent-fix-2"
        repository: https://markus-mnm.github.io/wazuh-helm/

The intention is to be backward compatible, but I am not able to test this atm.

markus-mnm avatar Oct 29 '25 21:10 markus-mnm

@markus-mnm now created new chart version with v4.14 - welcome to testing

morgoved avatar Nov 14 '25 09:11 morgoved

@morgoved it looks like in the latest release that introduces v4.14 the agent version is still 4.11.1. As far as I know the agent should be the same version as the manager

dima-engineer avatar Nov 14 '25 12:11 dima-engineer

You're right, I missed the agent image. Since I was working on something that didn’t require the agent to be deployed with Helm, I ended up forgetting to update it. I already pushed an PR

ShorMario avatar Nov 14 '25 21:11 ShorMario

@ShorMario @dima-engineer https://hub.docker.com/r/opennix/wazuh-agent/tags

morgoved avatar Nov 14 '25 23:11 morgoved