generated from canonical/is-charms-template-repo
-
Notifications
You must be signed in to change notification settings - Fork 1
/
charmcraft.yaml
116 lines (111 loc) · 4.18 KB
/
charmcraft.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# Copyright 2024 Canonical Ltd.
# See LICENSE file for licensing details.
# This file configures Charmcraft.
# See https://juju.is/docs/sdk/charmcraft-config for guidance.
type: charm
bases:
- build-on:
- name: "ubuntu"
channel: "22.04"
run-on:
- name: "ubuntu"
channel: "22.04"
parts:
charm:
build-packages:
- libffi-dev
- libssl-dev
- libxml2-dev
- libxslt-dev
- pkg-config
- python3-dev
build-snaps:
- rustup
charm-requirements:
- requirements-charmcraft.txt
override-build: |
rustup default stable
craftctl default
# charmcraft filters all environment variables, build statically linked variant of lxml here
ls -lah $CRAFT_PART_INSTALL/venv
CFLAGS="-O3 -g1 -pipe -fPIC -flto" \
LDFLAGS="-fPIC -flto" \
STATIC_DEPS="true" \
$CRAFT_PART_BUILD/staging-venv/bin/pip \
install --target $CRAFT_PART_INSTALL/venv -v \
--no-binary :all: \
$(grep lxml requirements-lxml.txt)
# install all remaining packages depends on lxml
$CRAFT_PART_BUILD/staging-venv/bin/pip \
install --target $CRAFT_PART_INSTALL/venv -v \
--no-binary :all: \
-r requirements-lxml.txt
name: wazuh-server
summary: A charm deploying the Wazuh server.
links:
contact: https://launchpad.net/~canonical-is-devops
documentation: https://discourse.charmhub.io
issues: https://github.com/canonical/wazuh-server-operator/issues
source: https://github.com/canonical/wazuh-server-operator
description: |
A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators)
deploying and managing [Wazuh server]
(https://documentation.wazuh.com/current/getting-started/components/wazuh-server.html)
on Kubernetes. [Wazuh](https://wazuh.com/) is an open-source XDR and SIEM
tool for endpoints and cloud workloads.
This charm simplifies initial deployment and "day N" operations of Wazuh
on Kubernetes, such as scaling the number of instances, TLS certificates
configuration and more. It allows for deployment on many different Kubernetes
platforms, from [MicroK8s](https://microk8s.io) to [Charmed Kubernetes]
(https://ubuntu.com/kubernetes) and public cloud Kubernetes offerings.
As such, the charm makes it easy for those looking to take control of their own
XDR and SIEM system whilst keeping operations simple, and gives them the
freedom to deploy on the Kubernetes platform of their choice.
For DevOps or SRE teams this charm will make operating Wazuh simple and
straightforward through Juju's clean interface. It will allow easy deployment
into multiple environments for testing of changes, and supports scaling out for
enterprise deployments.
assumes:
- juju >= 3.1.0
- k8s-api
containers:
wazuh-server:
resource: wazuh-server-image
resources:
wazuh-server-image:
type: oci-image
description: OCI image for the Wazuh server
requires:
certificates:
interface: tls-certificates
limit: 1
opensearch-client:
interface: opensearch_client
limit: 1
ingress:
interface: traefik_route
limit: 1
config:
options:
agent-password:
type: secret
description: >
The Juju secret ID corresponding to the password used by the agents to connect to Wazuh.
custom-config-repository:
type: string
description: >
The repository URL where the Wazuh configuration is stored. The username has to be provided as in
git+ssh://username@repository@branch, where the branch is optional.
The charms expects the repository to contain a var/ossec directory to be copied over /var/ossec on
the running instance.
custom-config-ssh-key:
type: secret
description: >
The Juju secret ID corresponding to the private key for SSH authentication.
The secret should contain a single key, "value", which maps to the actual SSH key.
To create the secret, run the following command:
`juju add-secret my-custom-config-ssh-key value=<ssh-key> && juju grant-secret my-custom-config-ssh-key wazuh-server`,
and use the secret ID output to configure this option.
peers:
wazuh-peers:
interface: wazuh-instance