Deploy the Wazuh Helm chart on Azure Kubernetes Service (AKS)
To deploy the Wazuh Helm chart on Azure Kubernetes Service (AKS), you'll first need to create an AKS cluster, and then deploy the Helm chart onto the cluster. Below is a detailed guide and Pulumi program written in TypeScript that accomplishes this goal.
Prerequisites
Before running the Pulumi program, make sure you have these installed:
- Pulumi CLI
- Azure CLI, or have already logged in to your Azure account with az login.
Creating the AKS Cluster
We will use the ProvisionedCluster resource from the azure-native provider to create an AKS cluster. In this example, we assume that you've set up an Azure resource group and the necessary service principal credentials to create resources in your Azure subscription.
Once the cluster is created, we'll need to configure kubectl to interact with the new cluster. The output of the ProvisionedCluster resource includes the kubeconfig, which will be used to set up kubectl.
Deploying the Helm Chart
To deploy the Helm chart, we'll use the Chart resource from the kubernetes provider package. This resource allows you to apply a Helm chart from any repository. We'll specify the Wazuh chart, along with any required values or configuration.
Here's the Pulumi program to create an AKS cluster and deploy Wazuh:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Create a resource group if you don't have one yet
const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

// Create the AKS cluster
// Note: the hybridcontainerservice module manages AKS hybrid (Arc-enabled) provisioned
// clusters; a managed AKS cluster is declared with azure_native.containerservice.ManagedCluster.
const cluster = new azure_native.hybridcontainerservice.ProvisionedCluster("myAKSCluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    properties: {
        kubernetesVersion: "1.20.5", // specify the desired Kubernetes version
        enableRBAC: true, // best practices for security
        agentPoolProfiles: [
            {
                count: 1, // number of nodes in the node pool
                vmSize: "Standard_DS2_v2", // virtual machine size for the nodes
            },
        ],
    },
});

// Export the kubeconfig to access the AKS cluster with kubectl.
// It carries cluster credentials, so it is marked as a secret stack output.
export const kubeconfig = pulumi.secret(cluster.properties.kubeConfig);

// Deploy the Wazuh Helm chart onto the AKS cluster
const wazuhHelmChart = new k8s.helm.v3.Chart("wazuh", {
    chart: "wazuh",
    version: "4.2.5", // specify the desired chart version
    fetchOpts: {
        repo: "https://wazuh.github.io/wazuh-kubernetes", // the repository where the chart is located
    },
}, {
    provider: new k8s.Provider("k8s-provider", {
        kubeconfig: cluster.properties.kubeConfig.apply(JSON.stringify),
    }),
});

// To facilitate the connection to the Wazuh dashboard, we can output the LoadBalancer's IP.
// Optional chaining avoids a crash while the load balancer address is still pending.
export const wazuhDashboardIp = wazuhHelmChart
    .getResourceProperty("v1/Service", "wazuh-svc", "status")
    .apply(status => status?.loadBalancer?.ingress?.[0]?.ip);
```
Explanation:
- The resourceGroup object is creating a new Azure Resource Group where the AKS cluster will reside.
- The cluster object represents the AKS cluster. We have set up an agent pool with one node of the specified VM size and enabled RBAC for security.
- We're exporting kubeconfig after the cluster is provisioned. This action will allow us to interact with the cluster using kubectl.
- The wazuhHelmChart object is applying the Wazuh Helm chart to the cluster. You might need to change the version to the one you want. It references the AKS cluster's kubeconfig to know where to deploy the chart.
- The wazuhDashboardIp is an export that will give you the IP address on which the Wazuh dashboard can be accessed, assuming it is exposed via a LoadBalancer service.
Once you have this program set up in a Pulumi project and have logged into Azure with the Azure CLI, you can run pulumi up to create the resources. After the deployment, you can use the output IP address to access the Wazuh dashboard.
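The program above reaches the dashboard through a LoadBalancer Service, which on AKS receives a public IP unless it is marked internal. As an added example (not part of the original program or of any Wazuh chart), the function below can be passed in the Chart's transformations option to pin such Services to known source CIDRs before they are created. The sample manifests, service names and the 203.0.113.0/24 range are constructed for illustration.

```typescript
// Added example: a pure function usable as a Chart `transformations` entry.
type Manifest = {
  kind?: string;
  metadata?: { name?: string; annotations?: Record<string, string> };
  spec?: { type?: string; loadBalancerSourceRanges?: string[] };
};

// AKS annotation that requests a private (VNet-only) load balancer.
const INTERNAL_LB = "service.beta.kubernetes.io/azure-load-balancer-internal";

// True when the manifest is a LoadBalancer Service with no internal-LB
// annotation and no source-range restriction, i.e. reachable from anywhere.
function isOpenLoadBalancer(obj: Manifest): boolean {
  const spec = obj.spec;
  if (obj.kind !== "Service" || !spec || spec.type !== "LoadBalancer") return false;
  const internal = obj.metadata?.annotations?.[INTERNAL_LB] === "true";
  const ranges = spec.loadBalancerSourceRanges ?? [];
  const restricted = ranges.length > 0 && ranges.indexOf("0.0.0.0/0") === -1;
  return !internal && !restricted;
}

// Builds a transformation that pins every open LoadBalancer Service to the
// given CIDRs. It mutates the manifest in place.
function restrictLoadBalancers(allowedCidrs: string[]): (obj: Manifest) => void {
  if (allowedCidrs.length === 0 || allowedCidrs.indexOf("0.0.0.0/0") !== -1) {
    throw new Error("allowedCidrs must be non-empty and must not contain 0.0.0.0/0");
  }
  return (obj) => {
    if (isOpenLoadBalancer(obj) && obj.spec) {
      obj.spec.loadBalancerSourceRanges = allowedCidrs.slice();
    }
  };
}

// Constructed sample manifests; names and the CIDR are placeholders.
const samples: Manifest[] = [
  { kind: "Service", metadata: { name: "dashboard" }, spec: { type: "LoadBalancer" } },
  { kind: "Service", metadata: { name: "internal", annotations: { [INTERNAL_LB]: "true" } },
    spec: { type: "LoadBalancer" } },
  { kind: "Service", metadata: { name: "api" }, spec: { type: "ClusterIP" } },
];
const openBefore = samples.filter(isOpenLoadBalancer).map((s) => s.metadata?.name);
samples.forEach(restrictLoadBalancers(["203.0.113.0/24"]));
const openAfter = samples.filter(isOpenLoadBalancer).map((s) => s.metadata?.name);
console.log({ openBefore, openAfter });
```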