---
# DaemonSet that schedules one wazuh-agent pod per node in the `wazuh`
# namespace. The pod shares the node's PID, IPC and network namespaces,
# mounts the node's root filesystem and runs privileged as UID 0, so it is
# effectively root on every node it lands on.
# NOTE(review): Pod Security Admission at `baseline` or `restricted` would
# reject this spec; the namespace needs the `privileged` level. Keep RBAC
# rights to create or patch workloads and Secrets in it tightly scoped.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  namespace: wazuh
  name: wazuh-agent
spec:
  selector:
    matchLabels:
      app: wazuh-agent
  template:
    metadata:
      labels:
        name: wazuh-agent
        app: wazuh-agent
    spec:
      # Host namespace sharing.
      # NOTE(review): confirm each of the three is actually required by the
      # agent; drop any that is not.
      hostNetwork: true
      hostPID: true
      hostIPC: true
      # NOTE(review): no dnsPolicy is set. With hostNetwork the pod resolves
      # through the node's resolver, so a cluster Service name in
      # WAZUH_MANAGER_ADDRESS would need `dnsPolicy: ClusterFirstWithHostNet`
      # - confirm against the real manager address.
      initContainers:
        # Makes sure a `wazuh` user exists on the node itself: chroots into
        # the host root (mounted read-write here) and runs the host's own
        # `id` / `useradd`, so the node's account database is modified.
        # NOTE(review): `busybox` carries no tag or digest, so it resolves
        # to `latest`. This image runs with write access to the node's root
        # filesystem; pin it to a reviewed digest.
        - name: wazuh-user
          image: busybox
          command: ['chroot', '/host', 'sh', '-c', 'id wazuh || useradd wazuh']
          volumeMounts:
            - name: hostroot
              mountPath: /host
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 100m
              memory: 256Mi
      containers:
        - name: wazuh-agent
          # NOTE(review): the tag is re-pulled on every start
          # (imagePullPolicy: Always); a digest pin would guarantee that all
          # nodes run the same reviewed image.
          image: ghcr.io/telkomindonesia/wazuh-agent:4.4.1-3
          imagePullPolicy: Always
          # Full privileges as root inside the container.
          # NOTE(review): confirm `privileged` is needed rather than a
          # specific set of added capabilities.
          securityContext:
            runAsUser: 0
            privileged: true
          env:
            # Placeholder value; must be replaced with the real manager
            # address before deploying.
            - name: WAZUH_MANAGER_ADDRESS
              value: manager.wazuh.changeme
            # NOTE(review): the names refer to Ubuntu 18.04 CIS and generic
            # Unix audit policies - confirm they match the node OS.
            - name: WAZUH_RULESET_SCA
              value: cis_ubuntu18-04,sca_unix_audit
            # Agent name is taken from the node name (downward API).
            - name: WAZUH_AGENT_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          resources:
            limits:
              memory: 512Mi
          volumeMounts:
            # Node root is read-only for the agent container ...
            - name: hostroot
              mountPath: /host
              readOnly: true
            # ... except /var/ossec, which is mounted on top of it without
            # readOnly, so it stays writable.
            - name: varossec
              mountPath: /host/var/ossec
            # Enrollment password from the Secret, mounted as a single file.
            # A subPath mount is not refreshed when the Secret changes;
            # rotating the password requires restarting the pods.
            - name: wazuh-authd-pass
              mountPath: /var/ossec/etc/authd.pass
              subPath: authd.pass
          # Health check runs the host-side control script through chroot;
          # the container is restarted after 5 consecutive failures.
          livenessProbe:
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 10
            failureThreshold: 5
            exec:
              command:
                - 'chroot'
                - '/host'
                - '/var/ossec/bin/wazuh-control'
                - 'status'
      volumes:
        # Entire node filesystem.
        - name: hostroot
          hostPath:
            path: /
        # Wazuh directory on the node.
        - name: varossec
          hostPath:
            path: /var/ossec
        # Secret is not defined in this manifest; it must already exist in
        # the `wazuh` namespace and contain the key `authd.pass`.
        - name: wazuh-authd-pass
          secret:
            secretName: wazuh-authd-pass