Hello

We currently don't have Wazuh deployed configured or tested on openshift, but I can help you with some bugs you posted so they can help you fix it.

About this error:

You are having communication problems between pods, this message usually occurs due to several problems. First of all, you should check that the INDEXER_URL variable is pointing to the Wazuh indexer cluster endpoint, in our Kubernetes deployment the INDEXER_URL variable points to the name of pod 0 of the statefulset deployed for Wazuh indexer:
https://github.com/wazuh/wazuh-kubernetes/blob/3db7699f0ae11ce3ee0bb21c80bf451322d48ebd/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml#L61
If you are using the endpoint correctly, You should verify that the certificates are used correctly and that you have not modified the username and password of the admin user, which we have stored in a configmap in our Kubernetes deployment:
https://github.com/wazuh/wazuh-kubernetes/blob/3db7699f0ae11ce3ee0bb21c80bf451322d48ebd/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml#L63

About this error:

They are warnings instead of errors, it is recommended that the permission settings of the certificates be 600 instead of 700 as you are mounting them.

About this error:

In the entrypoint of the Wazuh manager image, the permissions of some files are corrected, so that the application does not have problems functioning, this may be because the container does not have root permissions and they are necessary to be able to start Wazuh manager.

About this error:

In addition to having problems connecting from the Wazuh dashboard to the Wazuh manager API, the No templates found problem appears, indicating that surely Filebeat, which runs inside the Wazuh manager pod, is not able to connect with Wazuh indexer, you should check all the connections between the pods, in addition to verifying that the certificates are correctly mounted in each of the paths.

Hello, thanks for your answer. Indeed, I tried to do what you recommended but it doesn't work unfortunately.

My indexer has :

For my manager pod, when I active root permissions, OpenShift blocks it, because it doesn't like this permissions

It forces me to disable this securitycontext :

When I do the port forward, now I also could not access the dashboard from the web interface, I just have this message :

Thank for your answer !

The error you have may be due to the fact that you have commented out the INDEXER_URL variable, that variable must carry the URL, service name or ip of the Wazuh indexer cluster, so you should check what is the name that Openshift assigns to node 0 of Wazuh indexer and complete it.

Regarding the Wazuh manager node, I know it should have root permissions, so you should find a way to have them assigned, we don't have any Openshift environment to check this error to help you with this. Feel free to open an issue requesting this compatibility and we will add it to our backlog and try to prioritize it.

Hello @vcerenu, sorry for my late. I tried all of solutions but doesn't work. I don't know if you have others ideas ?

Thank!

Hello @0xThegarlic

As I mentioned in the previous post, we don't have an implementation in OpenShift, so we can't test the implementation you're making. The above messages have been created based on bugs that are generated in other similar implementations, but apparently the OpenShift implementation requires some additional considerations that are not currently covered and we would need to do some development on it.

If there are considerations that could be taken into account for the deployment, I invite you to create a PR for us and it will be analyzed to add it to our repositories.