Add an NGINX reverse proxy to have a unique ip for registration and reporting.

instructions.md

@@ -168,6 +168,7 @@ wazuh           LoadBalancer   10.100.176.82    <entrypoint_assigned>   1515:326
 wazuh-cluster   ClusterIP      None             <none>                  1516/TCP                         4h13m
 wazuh-indexer   ClusterIP      None             <none>                  9300/TCP                         4h13m
 wazuh-workers   LoadBalancer   10.100.165.20    <entrypoint_assigned>   1514:30128/TCP                   4h13m
+wazuh-loadbalancer   LoadBalancer   10.100.165.21   <entrypoint_assigned>   1514:30318/TCP,1515:30190/TCP    10h
 ```
 
 #### Deployments
@@ -176,6 +177,7 @@ wazuh-workers   LoadBalancer   10.100.165.20    <entrypoint_assigned>   1514:301
 $ kubectl get deployments -n wazuh
 NAME              READY   UP-TO-DATE   AVAILABLE   AGE
 wazuh-dashboard   1/1     1            1           4h16m
+wazuh-loadbalancer   2/2     2            2           10h
 ```
 
 #### Statefulsets
@@ -200,6 +202,8 @@ wazuh-indexer-2                    1/1     Running   0          4h17m
 wazuh-manager-master-0             1/1     Running   0          4h17m
 wazuh-manager-worker-0             1/1     Running   0          4h17m
 wazuh-manager-worker-1             1/1     Running   0          4h17m
+wazuh-loadbalancer-66b68f8589-62gw2   1/1     Running     0          9h
+wazuh-loadbalancer-66b68f8589-qlqvl   1/1     Running     0          9h
 ```
 
 #### Accessing Wazuh dashboard
@@ -213,3 +217,35 @@ $ kubectl get services -o wide -n wazuh
 NAME        TYPE           CLUSTER-IP       EXTERNAL-IP                                                              PORT(S)        AGE     SELECTOR
 dashboard   LoadBalancer   10.100.55.244    a91dadfdf2d33493dad0a267eb85b352-1129724810.us-west-1.elb.amazonaws.com  443:31670/TCP  4h19m   app=wazuh-dashboard
 ```
+
+
+###  Configure agents to join wazuh on kubernetes
+
+1- get the ip of the wazuh-loadbalancer
+
+```
+kubectl get service wazuh -loadbalancer
+NAME                 TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                         AGE
+nginx-loadbalancer   LoadBalancer   10.100.108.134   137.205.213.7   1514:30318/TCP,1515:30190/TCP   10h
+```
+
+in this case the external ip is `137.205.213.7`
+
+2- Configure the client to use that ip for registration (port 1515) and reporting (port 1414). As described on 
+https://documentation.wazuh.com/current/user-manual/wazuh-server-cluster.html#connecting-wazuh-agents-to-the-wazuh-cluster-with-a-load-balancer
+
+In our case is:
+
+```
+<ossec_config>
+  <client>
+    <server>
+      <address>137.205.213.7</address>
+      <protocol>tcp</protocol>
+    </server>
+    ...
+  </client>
+</ossec_config>
+```
+
+For more information on how to configure NGINX as reverse proxy: https://documentation.wazuh.com/current/user-manual/wazuh-server-cluster.html#nginx

wazuh/kustomization.yml

@@ -57,6 +57,7 @@ resources:
   - wazuh_managers/wazuh-workers-svc.yaml
   - wazuh_managers/wazuh-master-sts.yaml
   - wazuh_managers/wazuh-worker-sts.yaml
+  - wazuh_managers/services-router.yaml
 
   - indexer_stack/wazuh-indexer/indexer-svc.yaml
   - indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml

wazuh/wazuh_managers/services-router.yaml

@@ -0,0 +1,86 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-lb-config
+data:
+  nginx.conf: |
+    worker_processes auto;
+
+    events {
+        worker_connections 1024;
+    }
+
+    stream {
+      log_format basic '$remote_addr [$time_local] '
+                        'Protocol: $protocol '
+                        'Status: $status '
+                        'Bytes sent: $bytes_sent '
+                        'Bytes received: $bytes_received '
+                        'Session time: $session_time';
+       upstream master {
+           server wazuh:1515;
+       }
+       upstream workers {
+           hash $remote_addr consistent;
+           server wazuh-workers:1514;
+       }
+       server {
+           listen 1515;
+           proxy_pass master;
+           access_log /dev/stdout basic;
+       }
+       server {
+           listen 1514;
+           proxy_pass workers;
+           # ßaccess_log /dev/stdout basic;
+       }
+    }
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wazuh-loadbalancer
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: wazuh-loadbalancer
+  template:
+    metadata:
+      labels:
+        app: wazuh-loadbalancer
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:alpine
+        ports:
+        - containerPort: 1514
+        - containerPort: 1515
+        volumeMounts:
+        - name: config
+          mountPath: /etc/nginx/nginx.conf
+          subPath: nginx.conf
+      volumes:
+      - name: config
+        configMap:
+          name: nginx-lb-config
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wazuh-loadbalancer
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 1514
+    targetPort: 1514
+    protocol: TCP
+    name: agent-report
+  - port: 1515
+    targetPort: 1515
+    protocol: TCP
+    name: agent-register
+  selector:
+    app: wazuh-loadbalancer