feat: Add production-grade resource limits and security improvements

Based on Kubernetes configuration analysis from wazuh-kubernetes-main repository. Changes to docker-compose.json: - Add resource limits (CPU/RAM) to all services based on K8s recommendations * Indexer: 0.5-1.0 CPU, 1-2GB RAM * Manager: 1.0-2.0 CPU, 1-2GB RAM * Dashboard: 0.2-0.4 CPU, 512MB-2GB RAM - Add Log4j security flag: -Dlog4j2.formatMsgNoLookups=true (CVE-2021-44228) - Add DISABLE_INSTALL_DEMO_CONFIG=true for indexer security - Add WAZUH_NODE_TYPE=master for explicit node configuration - Add SERVER_SSL_ENABLED=true for dashboard Changes to metadata/description.md: - Update prerequisites with CPU/RAM/Disk requirements - Add "Variables d'Environnement Techniques" section - Rewrite "Limites de Ressources" with K8s-based recommendations - Update "Espace Disque" with production storage requirements - Add new section "Considérations de Production et Scaling" * Single-node deployment limitations * HA configuration with Kubernetes * Scaling recommendations * Production security checklist * Backup script for critical volumes All improvements follow official Wazuh Kubernetes production configurations for optimal stability and security. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-04 13:14:58 +01:00
parent ae10472528
commit 8cd871c61d
2 changed files with 206 additions and 13 deletions
--- a/apps/wazuh-runtipi/docker-compose.json
+++ b/apps/wazuh-runtipi/docker-compose.json
@@ -73,7 +73,11 @@
      "environment": [
        {
          "key": "OPENSEARCH_JAVA_OPTS",
-          "value": "-Xms1g -Xmx1g"
+          "value": "-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true"
+        },
+        {
+          "key": "DISABLE_INSTALL_DEMO_CONFIG",
+          "value": "true"
        },
        {
          "key": "bootstrap.memory_lock",
@@ -118,6 +122,18 @@
          "hard": 65536
        }
      },
+      "deploy": {
+        "resources": {
+          "limits": {
+            "cpus": "1.0",
+            "memory": "2G"
+          },
+          "reservations": {
+            "cpus": "0.5",
+            "memory": "1G"
+          }
+        }
+      },
      "volumes": [
        {
          "hostPath": "${APP_DATA_DIR}/data/indexer-data",
@@ -197,6 +213,10 @@
          "key": "WAZUH_NODE_NAME",
          "value": "manager"
        },
+        {
+          "key": "WAZUH_NODE_TYPE",
+          "value": "master"
+        },
        {
          "key": "WAZUH_CLUSTER_NODES",
          "value": "wazuh.manager"
@@ -252,6 +272,18 @@
          "hard": 655360
        }
      },
+      "deploy": {
+        "resources": {
+          "limits": {
+            "cpus": "2.0",
+            "memory": "2G"
+          },
+          "reservations": {
+            "cpus": "1.0",
+            "memory": "1G"
+          }
+        }
+      },
      "addPorts": [
        {
          "containerPort": 1514,
@@ -335,6 +367,10 @@
          "key": "OPENSEARCH_HOSTS",
          "value": "https://wazuh.indexer:9200"
        },
+        {
+          "key": "SERVER_SSL_ENABLED",
+          "value": "true"
+        },
        {
          "key": "INDEXER_USERNAME",
          "value": "${INDEXER_USERNAME:-admin}"
@@ -394,6 +430,18 @@
          "containerPath": "/scripts"
        }
      ],
+      "deploy": {
+        "resources": {
+          "limits": {
+            "cpus": "0.4",
+            "memory": "2G"
+          },
+          "reservations": {
+            "cpus": "0.2",
+            "memory": "512M"
+          }
+        }
+      },
      "healthCheck": {
        "test": "curl -ks https://localhost:5601/app/wazuh -o /dev/null -w '%{http_code}' | grep -qE '302|200' || exit 1",
        "interval": "30s",