WazuhCluster reference¶
apiVersion: wazuh.bnerd.com/v1alpha1, kind: WazuhCluster (namespaced).
Spec¶
| Field | Type | Default | Description |
|---|---|---|---|
version |
string | 4.14.5 |
Wazuh release for all component images. |
deploymentMode |
enum | ha |
ha or single-node. |
imageRegistry |
string | wazuh |
Registry/namespace prefix for images. |
indexer.replicas |
int | 3 (ha) / 1 (single) | Indexer nodes. |
indexer.image |
string | derived | Override indexer image. |
indexer.storage.size |
string | 50Gi |
Indexer PVC size. |
indexer.storage.storageClassName |
string | cluster default | Indexer storage class. |
indexer.resources |
ResourceRequirements | – | Indexer container resources. |
manager.image |
string | derived | Override manager image (master + workers). |
manager.master.storage |
StorageSpec | 50Gi |
Master PVC. |
manager.master.resources |
ResourceRequirements | – | Master resources. |
manager.workers.replicas |
int | 2 (ha) / 0 (single) | Worker nodes. |
manager.workers.storage |
StorageSpec | 50Gi |
Worker PVC. |
manager.workers.resources |
ResourceRequirements | – | Worker resources. |
dashboard.replicas |
int | 1 | Dashboard pods. |
dashboard.image |
string | derived | Override dashboard image. |
dashboard.resources |
ResourceRequirements | – | Dashboard resources. |
dashboard.service.type |
enum | ClusterIP |
ClusterIP/NodePort/LoadBalancer. |
dashboard.ingress.enabled |
bool | false |
Create an Ingress for the dashboard. |
dashboard.ingress.host |
string | – | Ingress host. |
dashboard.ingress.className |
string | – | ingressClassName. |
dashboard.ingress.tls.enabled |
bool | false |
Enable Ingress TLS. |
dashboard.ingress.tls.secretName |
string | dashboard cert | TLS secret. |
agentService.type |
enum | ClusterIP |
Exposure for enrollment (1515), events (1514), API (55000). |
tls.caSecretRef |
string | – | Existing CA secret (tls.crt/tls.key); self-signed if empty. |
Status¶
| Field | Description |
|---|---|
phase |
Pending / Provisioning / Ready / Degraded / Failed. |
observedVersion |
Version actually running (advances only when fully rolled out). |
endpoints.dashboard / .agentEnrollment / .indexer |
Reachable endpoints. |
indexer / managerMaster / managerWorkers / dashboard |
readyReplicas / desiredReplicas. |
conditions[] |
CertificatesReady, IndexerReady, ManagerReady, DashboardReady, Ready. |
Example (HA)¶
apiVersion: wazuh.bnerd.com/v1alpha1
kind: WazuhCluster
metadata:
name: acme
namespace: wazuh-acme
spec:
deploymentMode: ha
indexer:
replicas: 3
storage:
size: 100Gi
storageClassName: fast-ssd
manager:
workers:
replicas: 2
dashboard:
ingress:
enabled: true
host: wazuh.acme.example.com
className: nginx
tls:
enabled: true
agentService:
type: LoadBalancer
Full examples live in the repository under
examples/.