Ajout wazuh

wazuh-agent-container/Dockerfile

@@ -0,0 +1,17 @@
+FROM reg.cadoles.com/proxy_cache/library/debian:12.10
+
+RUN apt-get update \
+    && apt-get install -y gpg curl \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
+
+RUN echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
+
+RUN apt-get update \
+    && apt-get install -y wazuh-agent \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+CMD /var/ossec/bin/wazuh-control start

wazuh-agent-k8s-autoadd/Dockerfile

@@ -0,0 +1 @@
+FROM golang:1.24 AS build                                                                               

wazuh-agent-k8s-autoadd/cmd/cli/main.go

@@ -0,0 +1,19 @@
+package main
+
+import (
+	"log"
+	"os"
+
+	"forge.cadoles.com/cadoles/wazuh-agent-k8s-autoadd/internal/config"
+	"forge.cadoles.com/cadoles/wazuh-agent-k8s-autoadd/internal/wazuh"
+)
+
+func main() {
+	cfg, err := config.NewConfig()
+	if err != nil {
+		os.Exit(1)
+	}
+	log.Print(cfg.BaseURL)
+
+	// Faire l'appel
+}

wazuh-agent-k8s-autoadd/go.mod

@@ -0,0 +1,5 @@
+module forge.cadoles.com/cadoles/wazuh-agent-k8s-autoadd
+
+go 1.23.3
+
+require github.com/caarlos0/env/v11 v11.3.1

wazuh-agent-k8s-autoadd/go.sum

@@ -0,0 +1,2 @@
+github.com/caarlos0/env/v11 v11.3.1 h1:cArPWC15hWmEt+gWk7YBi7lEXTXCvpaSdCiZE2X5mCA=
+github.com/caarlos0/env/v11 v11.3.1/go.mod h1:qupehSf/Y0TUTsxKywqRt/vJjN5nz6vauiYEUUr8P4U=

wazuh-agent-k8s-autoadd/internal/config/config.go

@@ -0,0 +1,20 @@
+package config
+
+import (
+	"github.com/caarlos0/env/v11"
+	"log"
+)
+
+type Config struct {
+	BaseURL string `env:"WAZUH_MANAGER_BASE_URL,required,notEmpty"`
+}
+
+func NewConfig() (*Config, error) {
+	cfg := &Config{}
+	if err := env.Parse(cfg); err != nil {
+		log.Print(err)
+		return nil, err
+	}
+
+	return cfg, nil
+}

wazuh-agent-k8s-autoadd/internal/wazuh/wazuh.go

@@ -0,0 +1,26 @@
+package wazuh
+
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+
+	"forge.cadoles.com/cadoles/wazuh-agent-k8s-autoadd/internal/config"
+)
+
+func AddAgent(cfg Config) (error) {
+	// Craft jwt
+
+	resp, err := http.DefaultClient.Post(cfg.BaseURL + "/agents")
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	switch resp.StatusCode {
+	case http.StatusOK:
+		return nil
+	default:
+		return false, fmt.Errorf("Bad status: %d", resp.StatusCode)
+	}
+}

wazuh-agent-kustom/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ./resources/daemonset.yaml
+
+secretGenerator:
+- name: wazuh-agent-secret
+  literals:
+  - A=A
+
+configMapGenerator:
+- name: wazuh-agent-env
+  literals:
+  - A=A
+

wazuh-agent-kustom/resources/daemonset.yaml

@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: wazuh-agent
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: wazuh-agent
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: wazuh-agent
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: wazuh-agent
+    spec:
+      initContainers:
+      - name: wazuh-register
+        image: ??
+        envFrom:
+        - configMapRef:
+            name: wazuh-agent-env
+        - secretRef:  # Peut-être à décortiquer plutôt
+            name: wazuh-agent-secret
+        resources:
+          limits:
+            memory: 200Mi
+            cpu: 500m
+          requests:
+            memory: 100Mi
+            cpu: 100m
+        volumeMounts:
+        - name: ossec-etc
+          mountPath: /var/ossec/etc/
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          runAsUser: 1000
+      containers:
+      - name: wazuh-agent
+        image: ??
+        envFrom:
+        - configMapRef:
+            name: wazuh-agent-env # nécessaire ?
+        - secretRef:  # Peut-être à décortiquer plutôt
+            name: wazuh-agent-secret
+        # TODO: add liveness, readiness, startup probes with ports if necessary
+        resources:
+          limits:
+            cpu: 500m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: var-log
+          mountPath: /var/log
+          readOnly: true
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: var-log
+        hostPath:
+          path: /var/log
+      - name: ossec-etc
+        emptyDir:
+          sizeLimit: 1Mi