diff --git a/envs/docker-desktop/indexer-resources.yaml b/envs/docker-desktop/indexer-resources.yaml
new file mode 100644
index 00000000..74964950
--- /dev/null
+++ b/envs/docker-desktop/indexer-resources.yaml
@@ -0,0 +1,25 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-indexer
+ namespace: wazuh
+spec:
+ replicas: 1
+ template:
+ spec:
+ containers:
+ - name: wazuh-indexer
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ limits:
+ cpu: 1
+ memory: 2Gi
diff --git a/envs/docker-desktop/kustomization.yml b/envs/docker-desktop/kustomization.yml
new file mode 100644
index 00000000..0243cead
--- /dev/null
+++ b/envs/docker-desktop/kustomization.yml
@@ -0,0 +1,15 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../wazuh
+patches:
+- path: storage-class.yaml
+- path: indexer-resources.yaml
+- path: wazuh-resources.yaml
diff --git a/envs/docker-desktop/storage-class.yaml b/envs/docker-desktop/storage-class.yaml
new file mode 100644
index 00000000..85d40283
--- /dev/null
+++ b/envs/docker-desktop/storage-class.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh StorageClass
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: wazuh-storage
+
+provisioner: docker.io/hostpath
+
diff --git a/envs/docker-desktop/wazuh-resources.yaml b/envs/docker-desktop/wazuh-resources.yaml
new file mode 100644
index 00000000..586f2ec8
--- /dev/null
+++ b/envs/docker-desktop/wazuh-resources.yaml
@@ -0,0 +1,14 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-manager-worker
+ namespace: wazuh
+spec:
+ replicas: 1
diff --git a/wazuh/certs/admin.yaml b/wazuh/certs/admin.yaml
new file mode 100644
index 00000000..9fba997d
--- /dev/null
+++ b/wazuh/certs/admin.yaml
@@ -0,0 +1,29 @@
+---
+# Source: api/templates/virtual_service.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: admin
+ namespace: wazuh
+spec:
+ issuerRef:
+ group: cert-manager.io
+ kind: Issuer
+ name: wazuh-issuer
+ secretName: admin-tls
+ commonName: admin
+ dnsNames:
+ - "admin"
+ usages:
+ - "signing"
+ - "key encipherment"
+ - "server auth"
+ - "client auth"
+ duration: 2160h
+ renewBefore: 360h
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ rotationPolicy: Always
\ No newline at end of file
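Review bot: `encoding: PKCS1` under `privateKey` may produce a key the indexer cannot load. The generate_certs.sh removed in this commit converted every key with `openssl pkcs8 -topk8`, and OpenSearch's security plugin documents PKCS#8 as the expected PEM key format. I would set `encoding: PKCS8` here and in certs/node.yaml, since both keys are wired into opensearch.yml by this commit; dashboard.yaml and filebeat.yaml carry the same setting and should be checked against what those consumers accept. The subject also shrinks from `/C=US/L=California/O=Company/CN=admin` to `CN=admin` only, so any `admin_dn` setting in opensearch.yml (not visible in this diff) has to match the new DN.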
diff --git a/wazuh/certs/dashboard.yaml b/wazuh/certs/dashboard.yaml
new file mode 100644
index 00000000..5d0592bb
--- /dev/null
+++ b/wazuh/certs/dashboard.yaml
@@ -0,0 +1,30 @@
+---
+# Source: api/templates/virtual_service.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: dashboard
+ namespace: wazuh
+spec:
+ issuerRef:
+ group: cert-manager.io
+ kind: Issuer
+ name: wazuh-issuer
+ secretName: dashboard-tls
+ commonName: dashboard
+ dnsNames:
+ - "dashboard"
+ usages:
+ - "signing"
+ - "key encipherment"
+ - "server auth"
+ - "client auth"
+ - digital signature
+ duration: 2160h
+ renewBefore: 360h
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ rotationPolicy: Always
\ No newline at end of file
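Review bot: The `usages` list grants more than this certificate appears to need: the dashboard config visible in this commit only uses it as `server.ssl.certificate`, so `client auth` looks unnecessary. In the same way, admin.yaml and filebeat.yaml appear to be client identities and still carry `server auth`. Scoping each list to the role (for this file `digital signature`, `key encipherment`, `server auth`) limits what a leaked key can be used for. The list also mixes quoted and unquoted entries (`- digital signature`); pick one style across the four files.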
diff --git a/wazuh/certs/dashboard_http/generate_certs.sh b/wazuh/certs/dashboard_http/generate_certs.sh
deleted file mode 100755
index 6e847249..00000000
--- a/wazuh/certs/dashboard_http/generate_certs.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-cd $DIR
-
-openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
diff --git a/wazuh/certs/filebeat.yaml b/wazuh/certs/filebeat.yaml
new file mode 100644
index 00000000..41ea744a
--- /dev/null
+++ b/wazuh/certs/filebeat.yaml
@@ -0,0 +1,30 @@
+---
+# Source: api/templates/virtual_service.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: filebeat
+ namespace: wazuh
+spec:
+ issuerRef:
+ group: cert-manager.io
+ kind: Issuer
+ name: wazuh-issuer
+ secretName: filebeat-tls
+ commonName: filebeat
+ dnsNames:
+ - "filebeat"
+ usages:
+ - "signing"
+ - "key encipherment"
+ - "server auth"
+ - "client auth"
+ - digital signature
+ duration: 2160h
+ renewBefore: 360h
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ rotationPolicy: Always
\ No newline at end of file
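Review bot: The header comment `# Source: api/templates/virtual_service.yaml` does not describe this file and looks like a leftover from a template render; the same line is in admin.yaml, dashboard.yaml and node.yaml. I would replace it with a comment that says what the resource is for, e.g. `# cert-manager Certificate for the Filebeat TLS identity; issued by wazuh-issuer into Secret filebeat-tls.` A short note on why the lifetime is 2160h with renewal at 360h would also help the next reader.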
diff --git a/wazuh/certs/indexer_cluster/generate_certs.sh b/wazuh/certs/indexer_cluster/generate_certs.sh
deleted file mode 100755
index ad59c814..00000000
--- a/wazuh/certs/indexer_cluster/generate_certs.sh
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/bash
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-cd $DIR
-
-echo "Root CA"
-
-openssl genrsa -out root-ca-key.pem 2048
-
-openssl req -days 3650 -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem -subj "/C=US/L=California/O=Company/CN=root-ca"
-
-echo "Admin cert"
-
-echo "create: admin-key-temp.pem"
-
-openssl genrsa -out admin-key-temp.pem 2048
-
-echo "create: admin-key.pem"
-
-openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem
-
-echo "create: admin.csr"
-
-openssl req -days 3650 -new -key admin-key.pem -out admin.csr -subj "/C=US/L=California/O=Company/CN=admin"
-
-echo "create: admin.pem"
-
-openssl x509 -req -days 3650 -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem
-
-
-echo "* Node cert"
-
-echo "create: node-key-temp.pem"
-
-openssl genrsa -out node-key-temp.pem 2048
-
-echo "create: node-key.pem"
-
-openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node-key.pem
-
-echo "create: node.csr"
-
-openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=indexer"
-
-echo "create: node.pem"
-
-openssl x509 -req -days 3650 -in node.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node.pem
-
-echo "* dashboard cert"
-
-echo "create: dashboard-key-temp.pem"
-
-openssl genrsa -out dashboard-key-temp.pem 2048
-
-echo "create: dashboard-key.pem"
-
-openssl pkcs8 -inform PEM -outform PEM -in dashboard-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out dashboard-key.pem
-
-echo "create: dashboard.csr"
-
-openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=dashboard"
-
-echo "create: dashboard.pem"
-
-openssl x509 -req -days 3650 -in dashboard.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out dashboard.pem
-
-
-
-echo "* Filebeat cert"
-
-echo "create: filebeat-key-temp.pem"
-
-openssl genrsa -out filebeat-key-temp.pem 2048
-
-echo "create: filebeat-key.pem"
-
-openssl pkcs8 -inform PEM -outform PEM -in filebeat-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out filebeat-key.pem
-
-echo "create: filebeat.csr"
-
-openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=filebeat"
-
-echo "create: filebeat.pem"
-
-openssl x509 -req -days 3650 -in filebeat.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out filebeat.pem
diff --git a/wazuh/certs/node.yaml b/wazuh/certs/node.yaml
new file mode 100644
index 00000000..1d21e0a2
--- /dev/null
+++ b/wazuh/certs/node.yaml
@@ -0,0 +1,31 @@
+---
+# Source: api/templates/virtual_service.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: node
+ namespace: wazuh
+spec:
+ issuerRef:
+ group: cert-manager.io
+ kind: Issuer
+ name: wazuh-issuer
+ secretName: node-tls
+ commonName: "*.wazuh-indexer"
+ dnsNames:
+ - "*.wazuh-indexer"
+ - "indexer"
+ usages:
+ - "signing"
+ - "key encipherment"
+ - "server auth"
+ - "client auth"
+ - digital signature
+ duration: 2160h
+ renewBefore: 360h
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ rotationPolicy: Always
\ No newline at end of file
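Review bot: The `dnsNames` entries `*.wazuh-indexer` and `indexer` may not cover every hostname that clients verify against. A wildcard matches exactly one label, so it covers names of the form `<pod>.wazuh-indexer` but not a bare `wazuh-indexer` or a fully-qualified `….svc.cluster.local` form, and the manager StatefulSets in this commit keep `FILEBEAT_SSL_VERIFICATION_MODE` at `'full'`. The indexer URL those clients dial is not visible in this diff, so confirm it matches one of the entries, or list the exact Service names in `dnsNames` instead of relying on the wildcard.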
diff --git a/wazuh/certs/wazuh-ca.yaml b/wazuh/certs/wazuh-ca.yaml
new file mode 100644
index 00000000..8efa2c39
--- /dev/null
+++ b/wazuh/certs/wazuh-ca.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: selfsigning-issuer
+ namespace: wazuh
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wazuh-pki-ca
+ namespace: wazuh
+spec:
+ issuerRef:
+ group: cert-manager.io
+ kind: Issuer
+ name: selfsigning-issuer
+ secretName: wazuh-pki-ca
+ commonName: "wazuh-ca"
+ subject:
+ organizations:
+ - "Wazuh, Inc."
+ usages:
+ - "signing"
+ - "key encipherment"
+ - "cert sign"
+ duration: 87600h # 3650d
+ renewBefore: 8760h # 365d
+ isCA: true
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: wazuh-issuer
+ namespace: wazuh
+spec:
+ ca:
+ secretName: "wazuh-pki-ca"
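Review bot: The `wazuh-pki-ca` Certificate has a ten-year `duration` but no `privateKey` block, so the root key gets cert-manager's defaults while every leaf pins its parameters explicitly. For a long-lived CA I would state them, e.g. `privateKey:` / `algorithm: RSA` / `size: 4096`, and drop `key encipherment` from `usages`, which a CA that only signs certificates does not need. Because `wazuh-issuer` is a namespaced Issuer backed by a Secret in `wazuh`, anyone allowed to create Certificate objects or read Secrets in that namespace can obtain a certificate for any name, including `CN=admin`. RBAC on the namespace should be reviewed with that in mind.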
diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
index dc409dd6..e474475d 100644
--- a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
+++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
@@ -29,7 +29,7 @@ spec:
name: dashboard-conf
- name: dashboard-certs
secret:
- secretName: dashboard-certs
+ secretName: dashboard-tls
containers:
- name: wazuh-dashboard
image: 'wazuh/wazuh-dashboard:5.0.0'
@@ -43,16 +43,16 @@ spec:
subPath: opensearch_dashboards.yml
readOnly: false
- name: dashboard-certs
- mountPath: /usr/share/wazuh-dashboard/certs/cert.pem
+ mountPath: /usr/share/wazuh-dashboard/certs/tls.crt
readOnly: true
- subPath: cert.pem
+ subPath: tls.crt
- name: dashboard-certs
- mountPath: /usr/share/wazuh-dashboard/certs/key.pem
+ mountPath: /usr/share/wazuh-dashboard/certs/tls.key
readOnly: true
- subPath: key.pem
+ subPath: tls.key
- name: dashboard-certs
- mountPath: /usr/share/wazuh-dashboard/certs/root-ca.pem
- subPath: root-ca.pem
+ mountPath: /usr/share/wazuh-dashboard/certs/ca.crt
+ subPath: ca.crt
readOnly: true
ports:
- containerPort: 5601
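Review bot: Mounting `tls.crt`, `tls.key` and `ca.crt` with `subPath` means the container never sees the renewed Secret, because Kubernetes does not propagate Secret updates into subPath mounts. The Certificates added in this commit renew after 75 days (`duration: 2160h`, `renewBefore: 360h`) and expire at 90, so a long-running pod would keep presenting the old certificate until it expires. The same pattern is in indexer-sts.yaml, wazuh-master-sts.yaml and wazuh-worker-sts.yaml. Consider one directory mount without `subPath` (`mountPath: /usr/share/wazuh-dashboard/certs`, provided nothing else lives there) together with a restart or reload on renewal, since the process still has to re-read the files. The container spec continues outside this hunk.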
diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml b/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml
index a1449893..f562a01e 100644
--- a/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml
+++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml
@@ -7,7 +7,7 @@ opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/tls.key"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/tls.crt"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/ca.crt"]
uiSettings.overrides.defaultRoute: /app/wz-home
\ No newline at end of file
diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
index a0a43622..2db57e63 100644
--- a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
+++ b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
@@ -26,9 +26,12 @@ spec:
spec:
# Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it
volumes:
- - name: indexer-certs
+ - name: node-certs
secret:
- secretName: indexer-certs
+ secretName: node-tls
+ - name: admin-certs
+ secret:
+ secretName: admin-tls
- name: indexer-conf
configMap:
name: indexer-conf
@@ -89,25 +92,29 @@ spec:
volumeMounts:
- name: wazuh-indexer
mountPath: /var/lib/wazuh-indexer
- - name: indexer-certs
- mountPath: /usr/share/wazuh-indexer/certs/node-key.pem
- subPath: node-key.pem
+ - name: node-certs
+ mountPath: /usr/share/wazuh-indexer/certs/node/ca.crt
+ subPath: ca.crt
+ readOnly: true
+ - name: node-certs
+ mountPath: /usr/share/wazuh-indexer/certs/node/tls.key
+ subPath: tls.key
readOnly: true
- - name: indexer-certs
- mountPath: /usr/share/wazuh-indexer/certs/node.pem
- subPath: node.pem
+ - name: node-certs
+ mountPath: /usr/share/wazuh-indexer/certs/node/tls.crt
+ subPath: tls.crt
readOnly: true
- - name: indexer-certs
- mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem
- subPath: root-ca.pem
+ - name: admin-certs
+ mountPath: /usr/share/wazuh-indexer/certs/admin/ca.crt
+ subPath: ca.crt
readOnly: true
- - name: indexer-certs
- mountPath: /usr/share/wazuh-indexer/certs/admin.pem
- subPath: admin.pem
+ - name: admin-certs
+ mountPath: /usr/share/wazuh-indexer/certs/admin/tls.crt
+ subPath: tls.crt
readOnly: true
- - name: indexer-certs
- mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem
- subPath: admin-key.pem
+ - name: admin-certs
+ mountPath: /usr/share/wazuh-indexer/certs/admin/tls.key
+ subPath: tls.key
readOnly: true
- name: indexer-conf
mountPath: /usr/share/wazuh-indexer/opensearch.yml
diff --git a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
index 1a708a53..569a0218 100644
--- a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
+++ b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
@@ -8,12 +8,12 @@ cluster.initial_master_nodes:
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node/tls.crt
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node/tls.key
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/node/ca.crt
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/admin/tls.crt
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/admin/tls.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/admin/ca.crt
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
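Review bot: The three `plugins.security.ssl.transport.*` paths now point at `certs/admin/`, so inter-node transport TLS would present the admin certificate (`CN=admin`, SAN `admin`) rather than the node certificate that carries the `*.wazuh-indexer` names. Before this commit both layers used node.pem, and reusing the admin identity as a node identity blurs the distinction the security plugin draws between `admin_dn` and node certificates (those settings are outside this hunk). Unless this is intentional, the transport lines should read `…/certs/node/tls.crt`, `…/certs/node/tls.key` and `…/certs/node/ca.crt`, matching the http lines above them.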
diff --git a/wazuh/kustomization.yml b/wazuh/kustomization.yml
index 27347c39..909d4f58 100644
--- a/wazuh/kustomization.yml
+++ b/wazuh/kustomization.yml
@@ -11,24 +11,6 @@ kind: Kustomization
# Adds wazuh namespace to all resources.
namespace: wazuh
-secretGenerator:
- - name: indexer-certs
- files:
- - certs/indexer_cluster/root-ca.pem
- - certs/indexer_cluster/node.pem
- - certs/indexer_cluster/node-key.pem
- - certs/indexer_cluster/dashboard.pem
- - certs/indexer_cluster/dashboard-key.pem
- - certs/indexer_cluster/admin.pem
- - certs/indexer_cluster/admin-key.pem
- - certs/indexer_cluster/filebeat.pem
- - certs/indexer_cluster/filebeat-key.pem
- - name: dashboard-certs
- files:
- - certs/dashboard_http/cert.pem
- - certs/dashboard_http/key.pem
- - certs/indexer_cluster/root-ca.pem
-
configMapGenerator:
- name: indexer-conf
files:
@@ -46,6 +28,12 @@ resources:
- base/wazuh-ns.yaml
- base/storage-class.yaml
+ - certs/admin.yaml
+ - certs/dashboard.yaml
+ - certs/filebeat.yaml
+ - certs/node.yaml
+ - certs/wazuh-ca.yaml
+
- secrets/wazuh-api-cred-secret.yaml
- secrets/wazuh-authd-pass-secret.yaml
- secrets/wazuh-cluster-key-secret.yaml
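Review bot: These five entries add a hard dependency on cert-manager that nothing in the visible change states. The `cert-manager.io/v1` kinds fail to apply on a cluster without its CRDs, and pods that mount `dashboard-tls`, `node-tls`, `admin-tls` or `filebeat-tls` cannot start until the controller has issued those Secrets. A comment above the block would make this explicit, e.g. `# Requires cert-manager installed in the cluster; it issues the *-tls Secrets mounted by the workloads.` If the installation docs are updated elsewhere in the change, a pointer to them is enough.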
diff --git a/wazuh/wazuh_managers/wazuh-master-sts.yaml b/wazuh/wazuh_managers/wazuh-master-sts.yaml
index b7cf2438..f54fddd6 100644
--- a/wazuh/wazuh_managers/wazuh-master-sts.yaml
+++ b/wazuh/wazuh_managers/wazuh-master-sts.yaml
@@ -33,7 +33,7 @@ spec:
name: wazuh-conf
- name: filebeat-certs
secret:
- secretName: indexer-certs
+ secretName: filebeat-tls
- name: wazuh-authd-pass
secret:
secretName: wazuh-authd-pass
@@ -55,16 +55,16 @@ spec:
subPath: master.conf
readOnly: true
- name: filebeat-certs
- mountPath: /etc/ssl/root-ca.pem
+ mountPath: /etc/ssl/ca.crt
readOnly: true
- subPath: root-ca.pem
+ subPath: ca.crt
- name: filebeat-certs
- mountPath: /etc/ssl/filebeat.pem
- subPath: filebeat.pem
+ mountPath: /etc/ssl/tls.crt
+ subPath: tls.crt
readOnly: true
- name: filebeat-certs
- mountPath: /etc/ssl/filebeat.key
- subPath: filebeat-key.pem
+ mountPath: /etc/ssl/tls.key
+ subPath: tls.key
readOnly: true
- name: wazuh-authd-pass
mountPath: /wazuh-config-mount/etc/authd.pass
@@ -126,11 +126,11 @@ spec:
- name: FILEBEAT_SSL_VERIFICATION_MODE
value: 'full'
- name: SSL_CERTIFICATE_AUTHORITIES
- value: /etc/ssl/root-ca.pem
+ value: /etc/ssl/ca.crt
- name: SSL_CERTIFICATE
- value: /etc/ssl/filebeat.pem
+ value: /etc/ssl/tls.crt
- name: SSL_KEY
- value: /etc/ssl/filebeat.key
+ value: /etc/ssl/tls.key
- name: API_USERNAME
valueFrom:
secretKeyRef:
diff --git a/wazuh/wazuh_managers/wazuh-worker-sts.yaml b/wazuh/wazuh_managers/wazuh-worker-sts.yaml
index 864be080..6d64d560 100644
--- a/wazuh/wazuh_managers/wazuh-worker-sts.yaml
+++ b/wazuh/wazuh_managers/wazuh-worker-sts.yaml
@@ -39,7 +39,7 @@ spec:
name: wazuh-conf
- name: filebeat-certs
secret:
- secretName: indexer-certs
+ secretName: filebeat-tls
securityContext:
fsGroup: 101
containers:
@@ -58,16 +58,16 @@ spec:
subPath: worker.conf
readOnly: true
- name: filebeat-certs
- mountPath: /etc/ssl/root-ca.pem
+ mountPath: /etc/ssl/ca.crt
readOnly: true
- subPath: root-ca.pem
+ subPath: ca.crt
- name: filebeat-certs
- mountPath: /etc/ssl/filebeat.pem
- subPath: filebeat.pem
+ mountPath: /etc/ssl/tls.crt
+ subPath: tls.crt
readOnly: true
- name: filebeat-certs
- mountPath: /etc/ssl/filebeat.key
- subPath: filebeat-key.pem
+ mountPath: /etc/ssl/tls.key
+ subPath: tls.key
readOnly: true
- name: wazuh-manager-worker
mountPath: /var/ossec/api/configuration
@@ -123,11 +123,11 @@ spec:
- name: FILEBEAT_SSL_VERIFICATION_MODE
value: 'full'
- name: SSL_CERTIFICATE_AUTHORITIES
- value: /etc/ssl/root-ca.pem
+ value: /etc/ssl/ca.crt
- name: SSL_CERTIFICATE
- value: /etc/ssl/filebeat.pem
+ value: /etc/ssl/tls.crt
- name: SSL_KEY
- value: /etc/ssl/filebeat.key
+ value: /etc/ssl/tls.key
- name: WAZUH_CLUSTER_KEY
valueFrom:
secretKeyRef:
diff --git a/wazuh/wazuh_managers/wazuh_conf/master.conf b/wazuh/wazuh_managers/wazuh_conf/master.conf
index 947c584f..42a4b33f 100644
--- a/wazuh/wazuh_managers/wazuh_conf/master.conf
+++ b/wazuh/wazuh_managers/wazuh_conf/master.conf
@@ -116,10 +116,10 @@
- /etc/ssl/root-ca.pem
+ /etc/ssl/ca.crt
- /etc/ssl/filebeat.pem
- /etc/ssl/filebeat.key
+ /etc/ssl/tls.crt
+ /etc/ssl/tls.key
diff --git a/wazuh/wazuh_managers/wazuh_conf/worker.conf b/wazuh/wazuh_managers/wazuh_conf/worker.conf
index f55b8d61..ccf2b6c8 100644
--- a/wazuh/wazuh_managers/wazuh_conf/worker.conf
+++ b/wazuh/wazuh_managers/wazuh_conf/worker.conf
@@ -116,10 +116,10 @@
- /etc/ssl/root-ca.pem
+ /etc/ssl/ca.crt
- /etc/ssl/filebeat.pem
- /etc/ssl/filebeat.key
+ /etc/ssl/tls.crt
+ /etc/ssl/tls.key