Feature request: manage certificates by cert-manager #576

Open
gecube opened this issue Feb 1, 2024 · 0 comments · May be fixed by #577


gecube commented Feb 1, 2024

Hello,

Currently, Wazuh utilizes an .sh-based approach for managing certificates. While functional, this method presents certain challenges, including manual rotation and limited support for modern Kubernetes environments which are based on the GitOps approach.

To address these challenges, I propose to use cert-manager for managing the certificates in the Wazuh deployment. cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It will enable us to automate the certificate management process and make it more secure and maintainable.

Please consider the following pros of the proposed solution:

  • Industry standard: cert-manager is a de facto standard for managing certificates in Kubernetes, thus we can assume that it's already present in most Kubernetes clusters.
  • Security: It's a well-known and well-maintained solution, which makes it possible to rely on it without worrying about significant security issues.
  • Ease of Use: cert-manager implements a solid and easy-to-use API for certificate management.
  • Certificate Automation: cert-manager enables us to forget about manual certificate rotation, which improves overall solution maintainability.
  • GitOps Eligible: Using cert-manager enables us to use the GitOps approach; we can store the cert-manager resources in the GitOps repository and apply them to the cluster using ArgoCD or FluxCD without exposing any sensitive data in a git repo.

Please let me know if you have any questions or concerns about the proposed solution.
I'd be happy to help you with the implementation of the proposed solution and provide a pull request with the changes.

Best regards,
George
/ The Cozystack Development Team /
