manager_cluster/wazuh-manager-worker-1-sts.yaml

#######################################################################
# Kubernetes StatefulSet for Wazuh manager worker-1 node
#
# We have 3 StatefulSet because the Manager configuration requires the
# node_name to be unique for each cluster member.
#
# https://github.com/wazuh/wazuh/issues/1329 will allow us to go back
# to a single StatefulSet for all workers.
#######################################################################

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: wazuh-manager-worker-1
  namespace: wazuh
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wazuh-manager
      node-type: worker
      sts-id: '1'
  serviceName: wazuh-cluster
  podManagementPolicy: Parallel
  template:
    metadata:
      labels:
        app: wazuh-manager
        node-type: worker
        sts-id: '1'
      name: wazuh-manager-worker-1
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: sts-id
                      operator: In
                      values:
                        - '0'
                topologyKey: kubernetes.io/hostname
      volumes:
        - name: config
          configMap:
            name: wazuh-manager-worker-1-conf
      containers:
        - name: wazuh-manager
          image: 'wazuh/wazuh:3.6.1_6.4.0'
          resources:
            requests:
              cpu: 500m
              memory: 256Mi
            limits:
              cpu: 1
              memory: 512Mi
          volumeMounts:
            - name: config
              mountPath: /wazuh-config-mount/etc/ossec.conf
              subPath: ossec.conf
              readOnly: true
            - name: wazuh-manager-worker
              mountPath: /var/ossec/data
            - name: wazuh-manager-worker
              mountPath: /etc/postfix
          ports:
            - containerPort: 1514
              name: agents-events
            - containerPort: 1516
              name: wazuh-clusterd
  volumeClaimTemplates:
    - metadata:
        name: wazuh-manager-worker
        namespace: wazuh
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: gp2-encrypted-retained
        resources:
          requests:
            storage: 10Gi