Release Wazuh version 2.1.0 (#79)

* [wazuh]: improve OpenSearch security configuration reload

* [wazuh]: bump chart version to 2.1.0

Author: thread-koder

charts/wazuh/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.0.0
+version: 2.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/wazuh/templates/indexer/indexer-sts.yaml

@@ -63,7 +63,8 @@ spec:
             - vm.max_map_count=262144
           securityContext:
             {{- toYaml .Values.indexer.initContainers.securityContext | nindent 12 }}
-        - name: security-admin
+        {{- if .Values.indexer.config.reloadSecurityConfig }}
+        - name: reload-security-config
           securityContext:
             {{- toYaml .Values.indexer.securityContext | nindent 12 }}
           image: "{{ .Values.indexer.image.repository }}:{{ .Values.indexer.image.tag | default .Chart.AppVersion }}"
@@ -72,6 +73,12 @@ spec:
             - sh
             - -c
             - |
+              # Wait for indexer to be ready
+              until curl -k -u $INDEXER_USERNAME:$INDEXER_PASSWORD https://localhost:9200/_cluster/health; do
+                echo "Waiting for indexer to be ready..."
+                sleep 10
+              done
+              
               # Run security admin
               export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && \
               bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh \
@@ -104,6 +111,24 @@ spec:
               value: {{ .Values.indexer.config.sslEnabled | quote }}
             - name: DISABLE_INSTALL_DEMO_CONFIG
               value: "true"
+            - name: INDEXER_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  {{- if .Values.manager.config.secrets.existingSecretName }}
+                  name: {{ .Values.manager.config.secrets.existingSecretName }}
+                  {{- else }}
+                  name: {{ include "wazuh.fullname" . }}-manager
+                  {{- end }}
+                  key: INDEXER_USERNAME
+            - name: INDEXER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  {{- if .Values.manager.config.secrets.existingSecretName }}
+                  name: {{ .Values.manager.config.secrets.existingSecretName }}
+                  {{- else }}
+                  name: {{ include "wazuh.fullname" . }}-manager
+                  {{- end }}
+                  key: INDEXER_PASSWORD
           volumeMounts:
             - name: wazuh-indexer
               mountPath: /var/lib/wazuh-indexer
@@ -130,6 +155,7 @@ spec:
             {{- with .Values.indexer.volumeMounts }}
               {{- toYaml . | nindent 12 }}
             {{- end }}
+        {{- end }}
       containers:
         - name: {{ include "wazuh.fullname" . }}-indexer
           securityContext:

charts/wazuh/values.yaml

@@ -99,6 +99,9 @@ indexer:
     javaOpts: "-Xms2g -Xmx2g -Dlog4j2.formatMsgNoLookups=true"
     # Network host configuration
     networkHost: "0.0.0.0"
+    # Set to true when you make changes to OpenSearch security configuration files
+    # (opensearch-security/config.yml, internal_users.yml, etc.) to reload the security settings
+    reloadSecurityConfig: false
     # The name of the configmap that includes the custom indexer config
     # Must have the following key "opensearch.yml"
     indexerCustomConfig: ""
@@ -507,4 +510,4 @@ serviceAccount:
   annotations: {}
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  name: ""