Ajout wazuh

2025-04-17 11:52:47 +02:00
parent 4cafa6f784
commit 10e326b4b1
9 changed files with 172 additions and 0 deletions
--- a/wazuh-agent-kustom/kustomization.yaml
+++ b/wazuh-agent-kustom/kustomization.yaml
@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ./resources/daemonset.yaml
+
+secretGenerator:
+- name: wazuh-agent-secret
+  literals:
+  - A=A
+
+configMapGenerator:
+- name: wazuh-agent-env
+  literals:
+  - A=A
+
--- a/wazuh-agent-kustom/resources/daemonset.yaml
+++ b/wazuh-agent-kustom/resources/daemonset.yaml
@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: wazuh-agent
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: wazuh-agent
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: wazuh-agent
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: wazuh-agent
+    spec:
+      initContainers:
+      - name: wazuh-register
+        image: ??
+        envFrom:
+        - configMapRef:
+            name: wazuh-agent-env
+        - secretRef:  # Peut-être à décortiquer plutôt
+            name: wazuh-agent-secret
+        resources:
+          limits:
+            memory: 200Mi
+            cpu: 500m
+          requests:
+            memory: 100Mi
+            cpu: 100m
+        volumeMounts:
+        - name: ossec-etc
+          mountPath: /var/ossec/etc/
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          runAsUser: 1000
+      containers:
+      - name: wazuh-agent
+        image: ??
+        envFrom:
+        - configMapRef:
+            name: wazuh-agent-env # nécessaire ?
+        - secretRef:  # Peut-être à décortiquer plutôt
+            name: wazuh-agent-secret
+        # TODO: add liveness, readiness, startup probes with ports if necessary
+        resources:
+          limits:
+            cpu: 500m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: var-log
+          mountPath: /var/log
+          readOnly: true
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: var-log
+        hostPath:
+          path: /var/log
+      - name: ossec-etc
+        emptyDir:
+          sizeLimit: 1Mi