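---
run-name: Kubernetes Local deployment test - Branch ${{ inputs.BRANCH_VERSION }} - Launched by @${{ github.actor }}
name: Test Wazuh Local deployment on Kubernetes

# `on` is a YAML 1.1 boolean for generic parsers; GitHub's loader reads it as the trigger key.
on:  # yamllint disable-line rule:truthy
  pull_request:
  workflow_dispatch:
    inputs:
      # Only present on manual runs; pull_request runs see an empty value.
      BRANCH_VERSION:
        description: 'Branch version to deploy'
        required: true
        default: 'main'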
permissions:
  # Needed to request the OIDC JWT that the AWS credentials step exchanges for the IAM role.
  id-token: write
  # Needed by actions/checkout to read the repository contents.
  contents: read
env:
  # ECR registry hostname, assembled from the account id and region kept in secrets.
  ECR_REGISTRY: '${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com'
  WAZUH_REVISION: 'latest'
  ASSISTANT_REVISION: 'latest'
  # Scratch paths handed to the setup_artifacts action; the .sh file is later appended to GITHUB_ENV.
  ARTIFACT_URLS_FILE_TEMP: '/tmp/wazuh-docker/artifact_urls.yaml'
  ARTIFACT_URLS_ENV_FILE: '/tmp/wazuh-docker/artifact_urls.sh'
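jobs:
  Local_deployment_test:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Empty on pull_request runs (no workflow_dispatch inputs), in which case
          # checkout falls back to the ref of the triggering event.
          ref: ${{ inputs.BRANCH_VERSION }}

      - name: Configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
          aws-region: "${{ secrets.AWS_REGION }}"

      # Version values travel through GITHUB_ENV and are read back in later run steps as
      # shell variables ("$WAZUH_VERSION"), not spliced into script text with ${{ env.* }}:
      # VERSION.json comes from the checked-out branch, so its content must not be able
      # to alter a shell command line.
      - name: Get Wazuh version
        run: |
          WAZUH_VERSION=$(jq -r '.version' VERSION.json)
          if [ -z "$WAZUH_VERSION" ] || [ "$WAZUH_VERSION" = "null" ]; then
            echo "::error::VERSION.json has no .version field"
            exit 1
          fi
          WAZUH_MAJOR=$(echo "$WAZUH_VERSION" | cut -d '.' -f 1)
          WAZUH_MINOR=$(echo "$WAZUH_VERSION" | cut -d '.' -f 1-2)
          {
            echo "WAZUH_VERSION=$WAZUH_VERSION"
            echo "WAZUH_MAJOR=$WAZUH_MAJOR"
            echo "WAZUH_MINOR=$WAZUH_MINOR"
          } >> "$GITHUB_ENV"

      - name: Setup Artifacts
        uses: ./.github/actions/setup_artifacts
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          s3-bucket-artifacts: ${{ secrets.ARTIFACTS_S3_BUCKET }}
          artifact-urls-file-temp: ${{ env.ARTIFACT_URLS_FILE_TEMP }}
          wazuh-version: ${{ env.WAZUH_VERSION }}
          wazuh-major: ${{ env.WAZUH_MAJOR }}
          assistant_revision: ${{ env.ASSISTANT_REVISION }}
          dev_s3_bucket: ${{ vars.AWS_S3_BUCKET_DEV }}
          env_file_output: ${{ env.ARTIFACT_URLS_ENV_FILE }}

      - name: Load artifact URLs environment variables onto GITHUB_ENV
        run: |
          cat "$ARTIFACT_URLS_ENV_FILE" >> "$GITHUB_ENV"

      - name: Install pytest
        run: |
          # Refresh the package index first; the runner image's lists may be stale.
          sudo apt update -y
          sudo apt install -y python3-pytest

      - name: Free Disk Space (Ubuntu)
        # TODO: pin to a release tag or commit SHA; a mutable branch ref can change
        # under this workflow without any change in this repository.
        uses: jlumbroso/free-disk-space@main

      - name: free disk space
        run: |
          sudo swapoff -a
          sudo rm -f /swapfile
          sudo apt update -y && sudo apt upgrade -y
          sudo apt clean
          df -h

      - name: Install Minikube cluster
        run: |
          # --fail makes curl exit non-zero on an HTTP error instead of saving the
          # error page as the "binary" that the install line below would then trust.
          curl --fail --silent --show-error --location --remote-name-all \
            https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \
            https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64.sha256
          # Verify the download against the published checksum before installing it.
          echo "$(cat minikube-linux-amd64.sha256)  minikube-linux-amd64" | sha256sum --check
          sudo install minikube-linux-amd64 /usr/local/bin/minikube
          rm minikube-linux-amd64 minikube-linux-amd64.sha256

      - name: Start Minikube cluster
        run: minikube start --memory=8192 --cpus=4 --network-plugin=cni --cni=calico

      - name: Replace image registry to ECR
        run: |
          # Image references reach yq through the environment (strenv) rather than
          # being spliced into the expression text.
          export DASHBOARD_IMAGE="$ECR_REGISTRY/wazuh/wazuh-dashboard:$WAZUH_VERSION"
          export INDEXER_IMAGE="$ECR_REGISTRY/wazuh/wazuh-indexer:$WAZUH_VERSION"
          export MANAGER_IMAGE="$ECR_REGISTRY/wazuh/wazuh-manager:$WAZUH_VERSION"
          yq e -i '.spec.template.spec.containers[] |= select(.name == "wazuh-dashboard").image = strenv(DASHBOARD_IMAGE)' wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
          yq e -i '.spec.template.spec.containers[] |= select(.name == "wazuh-indexer").image = strenv(INDEXER_IMAGE)' wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
          # Master and worker StatefulSets share the same init container and manager image.
          for manifest in wazuh/wazuh_managers/wazuh-master-sts.yaml wazuh/wazuh_managers/wazuh-worker-sts.yaml; do
            yq e -i '.spec.template.spec.initContainers[] |= select(.name == "init-wazuh-etc").image = strenv(MANAGER_IMAGE)' "$manifest"
            yq e -i '.spec.template.spec.containers[] |= select(.name == "wazuh-manager").image = strenv(MANAGER_IMAGE)' "$manifest"
          done

      - name: Login to AWS ECR
        run: |
          aws ecr get-login-password --region "${{ secrets.AWS_REGION }}" | docker login --username AWS --password-stdin "$ECR_REGISTRY"

      - name: Download Wazuh images
        run: |
          for image in wazuh-dashboard wazuh-indexer wazuh-manager; do
            docker pull "$ECR_REGISTRY/wazuh/$image:$WAZUH_VERSION"
          done

      - name: Load Wazuh images into Minikube
        run: |
          for image in wazuh-dashboard wazuh-indexer wazuh-manager; do
            minikube image load "$ECR_REGISTRY/wazuh/$image:$WAZUH_VERSION"
          done

      - name: Download Wazuh certificates tool and config files
        run: |
          cd wazuh/
          # wazuh_certs_tool / wazuh_config_yml are presumably defined by the artifact
          # URLs env file appended to GITHUB_ENV above; nothing in this workflow sets them.
          aws s3 cp "$wazuh_certs_tool" "wazuh-certs-tool.sh"
          aws s3 cp "$wazuh_config_yml" "config.yml"

      - name: Update config file
        run: |
          # Rewrite the node entries for in-cluster DNS names instead of fixed IPs.
          CONFIG=wazuh/config.yml
          yq e -i '.nodes.indexer[0].name = "indexer"' "$CONFIG"
          yq e -i 'del(.nodes.indexer[0].ip)' "$CONFIG"
          yq e -i '.nodes.indexer[0].dns = ["wazuh-indexer", "wazuh-indexer.wazuh.svc.cluster.local"]' "$CONFIG"
          yq e -i '.nodes.manager[0].name = "manager"' "$CONFIG"
          yq e -i 'del(.nodes.manager[0].ip)' "$CONFIG"
          yq e -i '.nodes.manager[0].dns = ["wazuh-api", "wazuh-api.wazuh.svc.cluster.local"]' "$CONFIG"
          yq e -i 'del(.nodes.dashboard[0].ip)' "$CONFIG"
          yq e -i '.nodes.dashboard[0].dns = ["dashboard", "dashboard.wazuh.svc.cluster.local"]' "$CONFIG"

      - name: Create Wazuh certificates
        run: |
          cd wazuh/
          sudo bash ../tools/utils/deployment/certificates-conf.sh --cert --copy --priv

      - name: Change provisioner for minikube
        run: |
          # Swap the commented/uncommented provisioner lines so the minikube hostpath one is active.
          sed -i 's/provisioner: microk8s.io\/hostpath/# provisioner: microk8s.io\/hostpath/; s/# provisioner: k8s.io\/minikube-hostpath/provisioner: k8s.io\/minikube-hostpath/' envs/local-env/storage-class.yaml

      - name: Update Wazuh ingress DNS
        run: |
          yq e -i '.spec.routes[0].match = "HostSNI(`localhost`)"' wazuh/base/ingressRoute-tcp-dashboard.yaml

      - name: Deploy Traefik CRD
        run: |
          kubectl apply -f traefik/crd/kubernetes-crd-definition-v1.yml

      - name: Deploy Wazuh stack
        run: kubectl apply -k envs/local-env/

      # Fixed delay: the status and log steps below run regardless of readiness, so a
      # pod that never comes up is still diagnosable before pytest decides pass/fail.
      - name: Wait 10 minutes for Wazuh stack startup
        run: sleep 10m

      - name: View stack status
        run: kubectl get all -n wazuh -o wide

      - name: Wazuh dashboard pod name
        run: |
          # Take a single name even if several dashboard replicas exist; the previous
          # unquoted echo would have folded multiple names into one GITHUB_ENV value.
          DASHBOARD_POD=$(kubectl get pods -n wazuh --no-headers -o custom-columns=NAME:.metadata.name | grep wazuh-dashboard | head -n 1)
          if [ -z "$DASHBOARD_POD" ]; then
            echo "::error::No wazuh-dashboard pod found in namespace wazuh"
            exit 1
          fi
          echo "DASHBOARD_POD=$DASHBOARD_POD" >> "$GITHUB_ENV"

      - name: View Wazuh dashboard logs
        run: kubectl logs "$DASHBOARD_POD" -n wazuh

      - name: View Wazuh indexer 0 logs
        run: kubectl logs wazuh-indexer-0 -n wazuh

      - name: View Wazuh manager master logs
        run: kubectl logs wazuh-manager-master-0 -n wazuh

      - name: View Wazuh manager worker 0 logs
        run: kubectl logs wazuh-manager-worker-0 -n wazuh

      - name: Run pytest
        run: |
          pytest tests/k8s_pytest.py -v --deployment-type local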