Wazuh 4.14 Deployment - Automation Options
Beyond the manual package installation , Wazuh 4.14 supports several automated deployment methods. The choice of tooling depends on existing infrastructure, scale requirements, and the need for reproducible configurations.
Deployment options comparison
| Criterion | Docker | Kubernetes | Ansible | Puppet | Offline |
|---|---|---|---|---|---|
| Initial setup complexity | Low | High | Medium | Medium | Medium |
| Scaling | Limited | Automatic | Manual | Manual | Manual |
| Configuration management | docker-compose.yml | Helm values / manifests | Playbooks / variables | Hiera / class params | Manual |
| Version upgrades | Image replacement | Rolling update | Playbook re-run | Module update | Manual package swap |
| Network requirements | Internet for pull | Internet for pull | Internet for repos | Internet for Forge | None |
| Production readiness | With caveats | Yes | Yes | Yes | Yes |
| Indexer clustering | Multi-node compose | StatefulSet | Multi-host inventory | Multi-node manifest | Manual setup |
| Health monitoring | docker compose ps | kubectl / probes | Not built-in | Puppet reports | Not built-in |
Deployment methods
Docker Compose
The fastest way to stand up a complete Wazuh stack for development and testing. The official wazuh-docker repository provides ready-made configurations for single-node and multi-node architectures.
- Wazuh Docker deployment - docker-compose, certificates, volumes, environment variables
Kubernetes
Deploying Wazuh on Kubernetes enables automatic scaling, self-healing, and integration with cloud platforms. StatefulSets handle stateful components while DaemonSets manage agent distribution.
- Wazuh Kubernetes deployment - Helm, manifests, StatefulSets, DaemonSets, TLS
Ansible
Ansible enables declarative configuration of all Wazuh components and deployment across any number of hosts. Official roles cover installation of the indexer, server, dashboard, and agents.
- Wazuh Ansible deployment - roles, playbooks, inventory, variables
Puppet
The wazuh-puppet module provides classes and defined types for managing all Wazuh components through Puppet. Hiera integration is supported for parameter management.
- Wazuh Puppet deployment - module, classes, Hiera, agents
Offline installation
For air-gapped networks without internet access, Wazuh provides an offline installation procedure with pre-downloaded packages and dependencies.
- Wazuh offline installation - packages, local repository, certificates
Choosing a deployment method
Testing and development
Use Docker Compose for minimal infrastructure requirements, fast startup and teardown, and isolation from the host system. Ideal for rule debugging, integration testing, and training.
Production on bare-metal or VMs
Use Ansible or Puppet depending on which configuration management tool your organization already uses. Both provide installation reproducibility and centralized parameter management.
Container platforms
Use Kubernetes when a cluster is already available. Kubernetes provides automatic recovery, scaling, and standardized upgrade procedures.
Air-gapped networks
Use offline installation for environments without internet connectivity. All packages and dependencies are downloaded in advance and transferred to target hosts.
Common requirements
Regardless of the chosen deployment method, the following are required:
- A 64-bit operating system from the supported list
- Minimum 4 CPU cores and 8 GB RAM for all-in-one; 4 cores and 4 GB RAM per node for distributed deployment
- Open ports: 1514/TCP (agents), 1515/TCP (enrollment), 9200/TCP (Indexer), 443/TCP (Dashboard), 55000/TCP (API)
- Correct DNS or /etc/hosts configuration for inter-node communication