wazuh · thamudi · Oct 14, 2024 · Oct 14, 2024
diff --git a/source/_static/js/redirects.js b/source/_static/js/redirects.js
@@ -209,6 +209,10 @@ redirections.push(
 
 newUrls['4.9'] = [
   '/release-notes/release-4-9-0.html',
+  '/deployment-options/helm/index.html',
+  '/deployment-options/helm/chart-usage.html',
+  '/deployment-options/helm/wazuh-chart-values.html',
+  '/deployment-options/helm/upgrading-wazuh-helm.html',
   '/deployment-options/offline-installation/index.html',
   '/deployment-options/offline-installation/step-by-step.html',
   '/deployment-options/offline-installation/installation-assistant.html',

diff --git a/source/deployment-options/helm/chart-usage.rst b/source/deployment-options/helm/chart-usage.rst
@@ -0,0 +1,91 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+  :description: Learn more about the process of installing and configuring the Wazuh chart. 
+
+Using the Wazuh Chart
+=====================
+
+
+Getting started
+---------------
+
+To get started, first install JOSA's helm repo
+
+.. code-block:: bash
+
+    helm repo add josa https://charts.josa.ngo
+    helm repo update
+
+Once your ``values.yaml`` configuration is ready, read the `Configurations notes`_ before installing the chart.
+
+.. code-block:: bash
+
+   helm install wazuh josa/wazuh
+
+Configurations notes
+--------------------
+
+Release Name
+^^^^^^^^^^^^
+
+We strongly recommend setting the release name to "wazuh" to avoid issues with the manager configuration. The wazuh manager nodes use the name "wazuh" by default. If you want to change the name, you will need to provide your own ``wazuh-manager`` configuration under ``manager.config.customManagerConfig``. You will need to provide your own ``master.conf`` and ``worker.conf`` in your config maps, containing your release name.
+
+**Example on the release name:**
+
+If your release name is ``my-release``, the manager node references in the configuration files should look like:
+
+.. code-block:: yaml
+
+   my-release-manager-master-0.my-release-cluster
+
+Make sure that the cluster name matches the release name (``my-release`` in this example).
+
+**Example of the node name under ``master.conf`` and ``worker.conf``:**
+
+.. code-block:: conf
+
+   <cluster>
+      <name>my-release</name>
+      <node_name>my-release-manager-master</node_name>
+      <node_type>master</node_type>
+      <key>to_be_replaced_by_cluster_key</key>
+      <port>1516</port>
+      <bind_addr>0.0.0.0</bind_addr>
+      <nodes>
+         <node>my-release-manager-master-0.my-release-cluster</node>
+      </nodes>
+      <hidden>no</hidden>
+      <disabled>no</disabled>
+   </cluster>
+
+You can take a look at our configuration in our templates `here <./configs/wazuh_conf/>`_.
+
+TLS
+^^^
+
+TLS is enabled and required at all times in our chart. To get this chart working, you will need to provide the following TLS configuration. The easiest way, and the one we recommend, is that you enable the certification creation in our chart if your cluster has `cert-manager <https://cert-manager.io/docs/installation/helm/>`_ installed. If you don't have a cert-manager, you can generate the required certificates and provide them as secrets under ``tls.secretName``. 
+
+The required certificates you will need in your secrets are the following:
+
+- admin-key.pem
+- admin.pem
+- node-key.pem (referenced in the docs as index-key.pem and indexer.pem)
+- node.pem
+- root-ca.pem
+- server.key
+- server.cert
+- key.pem
+- cert.pem
+- filebeat-key.pem
+- filebeat.pem
+
+For more information on how to generate these .pem files, refer to the `wazuh Deployment kubernetes <https://documentation.wazuh.com/current/deployment-options/deploying-with-kubernetes/kubernetes-deployment.html#setup-ssl-certificates>`_.
+
+You may notice that we did not provide the files ``dashboard-key.pem`` and ``dashboard.pem``. This is because the Wazuh Kubernetes setup uses multiple names for the same certificate. Specifically, it utilizes ``key.pem`` and ``cert.pem`` alongside ``dashboard.pem`` and ``dashboard-key.pem``, even though they refer to the same underlying certificates. In other words, different names are used interchangeably for the same certificate files across the setup.
+
+Helpful links
+-------------
+
+- `Wazuh documentation <https://documentation.wazuh.com/current/deployment-options/deploying-with-kubernetes/index.html>`_
+
diff --git a/source/deployment-options/helm/index.rst b/source/deployment-options/helm/index.rst
@@ -0,0 +1,25 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+  :description: Learn more about the process of installing and configuring the Wazuh deployment using Helm in this section of our documentation.
+
+Deployment using Helm
+======================
+
+This section details the process of installing Wazuh using Helm. `Helm <https://helm.sh/>`_ is a package manager for Kubernetes that simplifies the deployment and management of applications within Kubernetes clusters. Helm charts package up all dependencies, configuration, and resource definitions necessary to run an application on Kubernetes.
+
+Using Helm guarantees that the application deployment is consistent across different environments, whether in the cloud or on-premises.
+
+You can install Wazuh using the Helm charts we have created, such as ``wazuh/wazuh-manager``, ``wazuh/wazuh-indexer``, and ``wazuh/wazuh-dashboard``. You can find all the Wazuh Helm charts in the `JOSA's charts Github repo  <https://github.com/jordanopensource/charts/tree/main/charts/wazuh>`_.
+
+You can refer to the `helm install <https://helm.sh/docs/intro/install/>`_ guide in order to figure out how to install helm on your system.
+
+Read the :doc:`/deployment-options/helm/chart-usage` section to learn how to access the services and manage deployments.
+
+.. toctree::
+   :maxdepth: 1
+   :hidden:
+
+   chart-usage
+   wazuh-chart-values
+   upgrading-wazuh-helm
diff --git a/source/deployment-options/helm/upgrading-wazuh-helm.rst b/source/deployment-options/helm/upgrading-wazuh-helm.rst
@@ -0,0 +1,21 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+  :description: Learn how to upgrade Wazuh with helm. 
+
+Upgrading the Chart
+===================
+
+Make sure that you have the JOSA chart  repo
+
+.. code-block:: bash
+
+    helm repo add josa https://charts.josa.ngo
+
+Then run the command
+
+.. code-block:: bash
+
+    helm repo update
+
+That is it!
diff --git a/source/deployment-options/helm/wazuh-chart-values.rst b/source/deployment-options/helm/wazuh-chart-values.rst
@@ -0,0 +1,219 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+  :description: Learn more about the what values the Wazuh chart has. 
+
+Wazuh Chart Values
+==================
+
+.. list-table::
+   :header-rows: 1
+
+   * - Key
+     - Type
+     - Default
+     - Description
+   * - dashboard.affinity
+     - object
+     - `{}`
+     - 
+   * - dashboard.config.ServerSSL
+     - bool
+     - `true`
+     - 
+   * - dashboard.config.dashboardCustomConfig
+     - string
+     - `""`
+     - The configmap name that includes the dashboard custom config file. Must have the key 'opensearch_dashboards.yml'.
+   * - dashboard.config.secrets.dashboardPassword
+     - string
+     - `"kibanaserver"`
+     - 
+   * - dashboard.config.secrets.dashboardUsername
+     - string
+     - `"kibanaserver"`
+     - WARN: Those are the default indexer dashboard credentials, do not change unless you changed the passwords and the usernames using the indexerInternalUsersSecretName in the indexer section.
+   * - dashboard.config.secrets.existingSecretName
+     - string
+     - `""`
+     - The secret must have the following keys: DASHBOARD_USERNAME, DASHBOARD_PASSWORD.
+   * - dashboard.image.pullPolicy
+     - string
+     - `"IfNotPresent"`
+     - 
+   * - dashboard.image.repository
+     - string
+     - `"wazuh/wazuh-dashboard"`
+     - 
+   * - dashboard.image.tag
+     - string
+     - `"4.8.2"`
+     - 
+   * - dashboard.imagePullSecrets
+     - list
+     - `[]`
+     - 
+   * - dashboard.ingress.annotations
+     - object
+     - `{}`
+     - 
+   * - dashboard.ingress.className
+     - string
+     - `"nginx"`
+     - 
+   * - dashboard.ingress.enabled
+     - bool
+     - `false`
+     - 
+   * - dashboard.ingress.hosts[0].host
+     - string
+     - `"chart-example.local"`
+     - 
+   * - dashboard.ingress.hosts[0].paths[0].path
+     - string
+     - `"/"`
+     - 
+   * - dashboard.ingress.hosts[0].paths[0].pathType
+     - string
+     - `"ImplementationSpecific"`
+     - 
+   * - dashboard.ingress.tls
+     - list
+     - `[]`
+     - 
+   * - dashboard.livenessProbe.failureThreshold
+     - int
+     - `3`
+     - 
+   * - dashboard.livenessProbe.httpGet.path
+     - string
+     - `"/"`
+     - 
+   * - dashboard.livenessProbe.httpGet.port
+     - string
+     - `"dashboard"`
+     - 
+   * - dashboard.livenessProbe.initialDelaySeconds
+     - int
+     - `60`
+     - 
+   * - dashboard.livenessProbe.periodSeconds
+     - int
+     - `10`
+     - 
+   * - dashboard.livenessProbe.successThreshold
+     - int
+     - `1`
+     - 
+   * - dashboard.livenessProbe.timeoutSeconds
+     - int
+     - `5`
+     - 
+   * - dashboard.nodeSelector
+     - object
+     - `{}`
+     - 
+   * - dashboard.podAnnotations
+     - object
+     - `{}`
+     - 
+   * - dashboard.podLabels
+     - object
+     - `{}`
+     - 
+   * - dashboard.podSecurityContext
+     - object
+     - `{}`
+     - 
+   * - dashboard.readinessProbe.failureThreshold
+     - int
+     - `3`
+     - 
+   * - dashboard.readinessProbe.httpGet.path
+     - string
+     - `"/"`
+     - 
+   * - dashboard.readinessProbe.httpGet.port
+     - string
+     - `"dashboard"`
+     - 
+   * - dashboard.readinessProbe.initialDelaySeconds
+     - int
+     - `60`
+     - 
+   * - dashboard.readinessProbe.periodSeconds
+     - int
+     - `10`
+     - 
+   * - dashboard.readinessProbe.successThreshold
+     - int
+     - `1`
+     - 
+   * - dashboard.readinessProbe.timeoutSeconds
+     - int
+     - `5`
+     - 
+   * - dashboard.replicaCount
+     - int
+     - `1`
+     - 
+   * - dashboard.resources
+     - object
+     - `{}`
+     - 
+   * - dashboard.securityContext
+     - object
+     - `{}`
+     - 
+   * - dashboard.service.port
+     - int
+     - `5601`
+     - 
+   * - dashboard.service.type
+     - string
+     - `"ClusterIP"`
+     - 
+   * - dashboard.tolerations
+     - list
+     - `[]`
+     - 
+   * - dashboard.volumeMounts
+     - list
+     - `[]`
+     - 
+   * - dashboard.volumes
+     - list
+     - `[]`
+     - 
+   * - fullnameOverride
+     - string
+     - `""`
+     - 
+   * - global.indexerUrl
+     - string
+     - `"https://wazuh-indexer:9200"`
+     - 
+   * - global.wazuhApiUrl
+     - string
+     - `"https://wazuh-master"`
+     - 
+   * - indexer.affinity
+     - object
+     - `{}`
+     - 
+   * - indexer.config.indexerCustomConfig
+     - string
+     - `""`
+     - 
+   * - indexer.config.indexerInternalUsersSecretName
+     - string
+     - `""`
+     - 
+   * - indexer.config.sslEnabled
+     - bool
+     - `true`
+     - 
+   * - indexer.image.pullPolicy
+     - string
+     -
+     -
diff --git a/source/deployment-options/index.rst b/source/deployment-options/index.rst
@@ -156,7 +156,8 @@ These alternatives guide you to install the Wazuh central components along with
 
     virtual-machine/virtual-machine
     amazon-machine-images/amazon-machine-images
-    docker/index 
+    docker/index
+    helm/index
     deploying-with-kubernetes/index
     offline-installation/index
     wazuh-from-sources/index