wazuh-kubernetes
Dockerfile to deploy Wazuh Agent in Windows Kubernetes nodes
Hello team,
We got a feature request asking for a Wazuh Agent Dockerfile for Windows Kubernetes nodes.
Description
I have managed to deploy Wazuh Agent using Docker by using:
- This Dockerfile:

```dockerfile
# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
FROM python:3.9-slim-buster

# Dependencies
RUN apt-get update && \
    apt-get install curl procps apt-transport-https lsb-release -y && \
    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
    mkdir /scripts /config && \
    pip3 install docker

# Install the Wazuh agent
RUN curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.1.5-1_amd64.deb && dpkg -i ./wazuh-agent.deb

# Entrypoint
ADD entrypoint.sh /entrypoint.sh
RUN chmod 755 /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
```
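- This entrypoint:

```bash
#!/bin/bash
# Copyright (C) 2015-2021, Wazuh Inc.
# Created by Wazuh, Inc.
# This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2

# Python Docker SDK, used by the docker-listener wodle
pip3 install docker

# Enable the docker-listener wodle by appending a config block to ossec.conf
echo "<ossec_config><wodle name=\"docker-listener\"><disabled>no</disabled></wodle></ossec_config>" >> /var/ossec/etc/ossec.conf

# Register the agent with the manager, then point ossec.conf at it
/var/ossec/bin/agent-auth -m YOUR_MANAGER_IP
sed -i 's/MANAGER_IP/YOUR_MANAGER_IP/g' /var/ossec/etc/ossec.conf

# Start the agent and keep the container alive
/var/ossec/bin/ossec-control restart
sleep infinity
```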
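- Then built it with:

```bash
# The trailing "." is the build context (directory with the Dockerfile and entrypoint.sh)
docker build -t wazuh-daemonset:0.1 .
```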
- And applied the following DaemonSet:

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: wazuh-daemonset
  namespace: default
  labels:
    k8s-app: wazuh-daemonset
spec:
  selector:
    matchLabels:
      name: wazuh-daemonset
  template:
    metadata:
      labels:
        name: wazuh-daemonset
    spec:
      tolerations:
      # this toleration is to have the daemonset runnable on master nodes
      # remove it if your masters can't run pods
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: wazuh-daemonset
        image: wazuh-daemonset:0.1
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: docker
          mountPath: /var/run/docker.sock
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
      terminationGracePeriodSeconds: 5
      volumes:
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      - name: docker
        hostPath:
          path: /var/run/docker.sock
```

by running `kubectl apply -f daemonSet.yaml`
But we need this to be able to run in Windows Kubernetes nodes too.
Tasks
- [ ] Adjust dependencies and commands for this to be able to run in Windows.
- [ ] Testing in different environments.
- [ ] Extend documentation and include related example use case (it is mentioned here that we can deploy Wazuh Agent to a Kubernetes DaemonSet container but there are no instructions to achieve this on any platform).
I found related information here: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/
Also noticed issues https://github.com/wazuh/wazuh-kubernetes/issues/96 and https://github.com/wazuh/wazuh-docker/issues/412, but they are not specific to running on Windows nodes.
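
An added example, not part of the original issue or of the Wazuh project's code: a small check over the DaemonSet above (as JSON, the shape `kubectl get daemonset -o json` returns) that flags what matters before running it in a mixed Linux/Windows cluster: no `kubernetes.io/os` node selector, the Docker socket hostPath, and writable hostPath mounts. The function name, check ids and the trimmed sample manifest are constructed for illustration, and only `nodeSelector` is inspected (not node affinity).

```python
import json

# Constructed sample: the DaemonSet from this issue as JSON, trimmed to the
# fields the checks read.
SAMPLE = json.loads("""
{"kind": "DaemonSet",
 "metadata": {"name": "wazuh-daemonset"},
 "spec": {"template": {"spec": {
   "containers": [{"name": "wazuh-daemonset",
     "volumeMounts": [
       {"name": "docker", "mountPath": "/var/run/docker.sock"},
       {"name": "varlibdockercontainers", "mountPath": "/var/lib/docker/containers"}]}],
   "volumes": [
     {"name": "varlibdockercontainers", "hostPath": {"path": "/var/lib/docker/containers"}},
     {"name": "docker", "hostPath": {"path": "/var/run/docker.sock"}}]}}}}
""")

RUNTIME_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")


def audit_daemonset(manifest):
    """Return a sorted list of (check_id, detail) findings for one DaemonSet."""
    pod = manifest["spec"]["template"]["spec"]
    findings = []
    # Without an OS selector the Linux image is also scheduled onto Windows nodes.
    if "kubernetes.io/os" not in pod.get("nodeSelector", {}):
        findings.append(("no-os-selector", "nodeSelector lacks kubernetes.io/os"))
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod.get("volumes", []) if "hostPath" in v}
    for c in pod.get("containers", []):
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m["name"])
            if path is None:
                continue
            if path in RUNTIME_SOCKETS:
                # Access to the socket is control of the node's Docker daemon;
                # readOnly on the mount does not restrict API calls.
                findings.append(("runtime-socket", f"{c['name']} mounts {path}"))
            elif not m.get("readOnly", False):
                findings.append(("writable-hostpath",
                                 f"{c['name']} mounts {path} read-write"))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit_daemonset(SAMPLE):
        print(f"{check}: {detail}")
```

Adding `nodeSelector: {kubernetes.io/os: linux}` and `readOnly: true` on the container-log mount clears two of the three findings; the socket mount remains flagged because the docker-listener wodle depends on it.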