PoC of managing certificates with cert-manager
This PR closes #576
@CarlosALgit Hi! Could you kindly review the PR and give your feedback?
Also, to make vulnerability detection work, the config file for the master and worker pod also needs to be changed.
In file wazuh/wazuh_managers/wazuh_conf/master.conf
and wazuh/wazuh_managers/wazuh_conf/worker.conf

```xml
<ssl>
  <certificate_authorities>
    <ca>/etc/ssl/root-ca.pem</ca>
  </certificate_authorities>
  <certificate>/etc/ssl/filebeat.pem</certificate>
  <key>/etc/ssl/filebeat.key</key>
</ssl>
```

This part is using the original certificate path and should be changed to:

```xml
<ssl>
  <certificate_authorities>
    <ca>/etc/ssl/ca.crt</ca>
  </certificate_authorities>
  <certificate>/etc/ssl/tls.crt</certificate>
  <key>/etc/ssl/tls.key</key>
</ssl>
```
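The path change described in the comment above can be checked mechanically. The following is an added example, not part of the original comment or of the PR's code: a small lint that reads the `<ssl>` block of a manager config and reports every path that does not point at the file names cert-manager writes into its Secret (`ca.crt`, `tls.crt`, `tls.key`). The function name `check_ssl_paths`, the `/etc/ssl` mount directory default and the two sample strings are assumptions built from the snippets quoted in the comment.

```python
import posixpath
import re

# File names cert-manager writes into the Secret of a Certificate resource.
CERT_MANAGER_KEYS = {"ca": "ca.crt", "certificate": "tls.crt", "key": "tls.key"}

# Constructed sample: the <ssl> block with the original certificate paths.
LEGACY_CONF = """<ssl>
  <certificate_authorities>
    <ca>/etc/ssl/root-ca.pem</ca>
  </certificate_authorities>
  <certificate>/etc/ssl/filebeat.pem</certificate>
  <key>/etc/ssl/filebeat.key</key>
</ssl>"""

# Constructed sample: the same block after the change suggested in the comment.
UPDATED_CONF = """<ssl>
  <certificate_authorities>
    <ca>/etc/ssl/ca.crt</ca>
  </certificate_authorities>
  <certificate>/etc/ssl/tls.crt</certificate>
  <key>/etc/ssl/tls.key</key>
</ssl>"""

# The conf files are not single-rooted XML, so match the block with a regex.
SSL_BLOCK = re.compile(r"<ssl>(.*?)</ssl>", re.DOTALL)
# <certificate_authorities> does not match: the tag name must be followed by '>'.
TAG = re.compile(r"<(ca|certificate|key)>\s*([^<\s]+)\s*</\1>")


def check_ssl_paths(conf_text, mount_dir="/etc/ssl"):
    """Return (tag, found_path, expected_path) for every mismatching entry."""
    blocks = SSL_BLOCK.findall(conf_text)
    if not blocks:
        return [("ssl", None, "missing <ssl> block")]
    findings = []
    for block in blocks:
        seen = dict(TAG.findall(block))
        for tag, filename in CERT_MANAGER_KEYS.items():
            expected = posixpath.join(mount_dir, filename)
            if seen.get(tag) != expected:
                findings.append((tag, seen.get(tag), expected))
    return findings


if __name__ == "__main__":
    for name, text in (("legacy", LEGACY_CONF), ("updated", UPDATED_CONF)):
        print(name, check_ssl_paths(text) or "OK")
```

Run against the contents of master.conf and worker.conf, an empty result means the `<ssl>` block already references the cert-manager file names.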
@zznyjidi thanks, I will fix.
@zznyjidi kindly check.
Been trying to offload certs to a separate secret store and sync them with external-secrets to implement this the GitOps way, stumbling on every possible occasion. This can't come soon enough.
@AurimasNav Hi! Could I help somehow?
Thanks, I've managed it somehow, it just was very time consuming.
@AurimasNav Hi! Could you share what you achieved?
It is really nothing special; my only goal was to avoid committing certs to git, but it is by no means an automated solution. It is the same manual labor with the certs that the Wazuh script generates; it is simply that they are stored in Azure Key Vault (manually) and referenced by external-secrets to create secrets in Kubernetes by referencing those key vault secrets.
@c-bordon Hi! Is there any option to reopen this PR and target it to the main branch (I wrote brainch hahaha first time)? It sounds ridiculous if the only way would be to recreate it and lose the history of the conversation.
~https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-base-branch-of-a-pull-request Just found this~
Edit: Sorry, I tested this with an empty repo and it does not work with a deleted branch.
@zznyjidi no problem. Thank you very much for trying to help.