Day-2 Operations

How the operator behaves after the initial bring-up, and what still needs care.

Scaling

# Indexer nodes
kubectl patch wazuhcluster acme -n wazuh-acme --type=merge \
  -p '{"spec":{"indexer":{"replicas":5}}}'

# Manager workers
kubectl patch wazuhcluster acme -n wazuh-acme --type=merge \
  -p '{"spec":{"manager":{"workers":{"replicas":3}}}}'

The StatefulSet scales and the config checksum rolls existing pods so discovery settings stay consistent. Vertical changes (resources) also roll the pods through the normal StatefulSet update.

Configuration changes

Edit any component field; the operator re-renders the ConfigMaps and rolls the affected pods automatically (see Upgrades → config changes).

Observability

• kubectl get wazuhcluster — MODE / VERSION / PHASE.
• status.conditions — per-component readiness (IndexerReady, ManagerReady, DashboardReady, Ready).
• Operator metrics on :8080 (wazuhcluster_reconciles_total, wazuhcluster_reconcile_duration_seconds, wazuhcluster_component_ready).

Deletion

Deleting a WazuhCluster cascades to all children (StatefulSets, Deployment, Services, ConfigMaps, Secrets, Job, Ingress, and their PVCs) via owner references. A finalizer guards the terminal status update.

kubectl delete wazuhcluster demo -n wazuh-demo

Known limitations (planned follow-ups)

• PVC resize — volumeClaimTemplates are immutable, so changing storage.size on an existing cluster is rejected by the API server (surfaced as a Degraded condition). Expanding requires manual PVC expansion plus a StatefulSet recreate.
• deploymentMode switch — not an in-place migration (see Deployment Modes).
• Backups / restore — no integration yet; snapshot the indexer manually.
• Credential & certificate rotation — generated once; rotation is a follow-up.

See the Roadmap for what is planned next.