talos-cluster/deployments/security-monitoring/wazuh-app.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: wazuh
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: https://wazuh.github.io/wazuh-certified-helm-charts
    chart: wazuh
    targetRevision: 0.3.0
    helm:
      releaseName: wazuh
      values: |
        ## Global settings
        global:
          email: "admin@khalisio.com"
          secretKey: "wazuh-secret-key-change-me"
          basicAuthentication: true
          basicAuthenticationPassword: "wazuh"
          basicAuthenticationToken: ""
          workerReplicas: 0

        ## Wazuh Manager
        wazuh.manager:
          replicas: 1
          persistence:
            enabled: true
            storageClass: longhorn
            size: 10Gi

        ## Wazuh Dashboard (Kibana with Wazuh plugin)
        wazuh.dashboard:
          replicas: 1
          ingress:
            enabled: true
            host: wazuh.khalisio.com
            annotations:
              traefik.ingress.kubernetes.io/router.entrypoints: websecure
              traefik.ingress.kubernetes.io/router.tls: "true"
              traefik.ingress.kubernetes.io/middlewares: "crowdsec,khalis-authentik"
            tls: true

        ## Filebeat
        wazuh.filebeat:
          replicas: 1

        ## Elasticsearch (Wazuh Certified)
        wazuh.certified:
          replicas: 1
          persistence:
            enabled: true
            storageClass: longhorn
            size: 10Gi
          resources:
            requests:
              cpu: "500m"
              memory: "1Gi"
            limits:
              cpu: "2"
              memory: "4Gi"

  destination:
    server: https://kubernetes.default.svc
    namespace: wazuh

  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true