Kubernetes deployment
Install using the Helm chart
The MDSS Kubernetes deployment can be performed directly using the Helm chart provided in our public GitHub repo. Example configuration files for different environments are provided in the helm_charts directory.
Using the helm repository
The GitHub repository can be used directly as a helm repo:
```bash
helm repo add mdk8s https://opswat.github.io/metadefender-k8s/
helm repo update mdk8s
# Example installation command
helm install mdss mdk8s/metadefender_storage_security -f <CUSTOM_VALUES_FILE.yml>
```
Or the repository can be cloned locally:
```bash
git clone https://github.com/OPSWAT/metadefender-k8s.git metadefender
cd metadefender/helm_charts
# Example installation command
helm install mdss ./mdss -f <CUSTOM_VALUES_FILE.yml>
```
Storage
MDSS containers are stateless and don't require any persistent storage. If the MongoDB database is deployed in the cluster, then it's recommended to use persistent storage managed by a cloud provider. The external database can be configured from the values:
```yaml
mdss-common-environment:
  MONGO_URL: "mongodb://<MONGODB_HOST>:<MONGODB_PORT>/MDCS"
```
When using an external database that is not deployed from the MDSS chart, the deploy_with_mdss_db value has to be set to false in order to not deploy an additional database from the chart.
Exposing MDSS
By default, the helm chart deploys a ClusterIP service for MD Core and this can be changed to any service type supported by the Kubernetes cluster. For example, a LoadBalancer service type can be created by overwriting the service_type value in the webclient component:
```yaml
mdss_components:
  webclient:
    service_type: LoadBalancer
```
MDSS can also be exposed using an ingress:
```yaml
mdss_ingress:
  host: <APP_NAMESPACE>-mdss.k8s   # Hostname for the publicly accessible ingress, the `<APP_NAMESPACE>` string will be replaced with the namespace where the chart is deployed
  enabled: true                    # Enable or disable the ingress creation
  class: nginx                     # Sets the ingress class depending on the installed ingress controller
```
Flexible deployment
By default, the helm chart deploys MDSS with support for the following storage units: azureblob,amazonsdk,googlecloud,alibabacloud,azurefiles,box. For a more efficient use of resources, we can specify only the storage units that are required by changing the ENABLED_MODULES value. For example, we can enable support for just Azure, AWS and GCP:
```yaml
mdss-common-environment:
  ENABLED_MODULES: "azureblob,azurefiles,amazonsdk,googlecloud"
```
Currently supported modules:
- azureblob
- amazonsdk
- googlecloud
- alibabacloud
- azurefiles
- smb
- box
- onedrive
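
As an added example (not part of the OPSWAT chart or its documentation), the Python function below checks a custom values mapping against the rules stated in the Storage, Exposing MDSS and Flexible deployment sections before `helm install` is run. It assumes the values file has already been parsed into a dict (for example with `yaml.safe_load`), that `deploy_with_mdss_db` is a top-level key that defaults to true, and that overriding `MONGO_URL` means an external database is in use; `lint_values` and `SAMPLE` are hypothetical names.

```python
# Added example: lint a parsed MDSS custom values mapping before `helm install`.
import re

SUPPORTED_MODULES = {"azureblob", "amazonsdk", "googlecloud", "alibabacloud",
                     "azurefiles", "smb", "box", "onedrive"}  # list from this page

def lint_values(values):
    """Return a list of (level, message) findings for a custom values mapping."""
    findings = []
    env = values.get("mdss-common-environment") or {}

    # 1. ENABLED_MODULES may only name modules listed as supported.
    raw = env.get("ENABLED_MODULES")
    if raw is not None:
        for m in (p.strip() for p in raw.split(",")):
            if m and m not in SUPPORTED_MODULES:
                findings.append(("error", f"unsupported module: {m}"))

    # 2. Overriding MONGO_URL implies an external database (assumption), so
    #    deploy_with_mdss_db (assumed top-level key, default true) must be false.
    url = env.get("MONGO_URL")
    if url is not None:
        if re.search(r"<[A-Z_]+>", url):
            findings.append(("error", "MONGO_URL still contains a <PLACEHOLDER>"))
        if values.get("deploy_with_mdss_db", True) is not False:
            findings.append(("error", "MONGO_URL set but deploy_with_mdss_db is not false"))

    # 3. Report settings that make the web client reachable from outside the cluster.
    web = (values.get("mdss_components") or {}).get("webclient") or {}
    svc = web.get("service_type", "ClusterIP")
    if svc != "ClusterIP":
        findings.append(("warn", f"webclient service_type is {svc}"))
    ingress = values.get("mdss_ingress") or {}
    if ingress.get("enabled") is True:
        findings.append(("warn", f"ingress enabled for host {ingress.get('host')}"))
    return findings

# Constructed sample input: what yaml.safe_load would return for a custom values file.
SAMPLE = {
    "mdss-common-environment": {
        "MONGO_URL": "mongodb://db.internal.example:27017/MDCS",
        "ENABLED_MODULES": "azureblob, amazons3, googlecloud",  # typo on purpose
    },
    "mdss_components": {"webclient": {"service_type": "LoadBalancer"}},
    "mdss_ingress": {"enabled": False, "host": "<APP_NAMESPACE>-mdss.k8s"},
}

if __name__ == "__main__":
    for level, msg in lint_values(SAMPLE):
        print(f"{level}: {msg}")
```

Treat the `warn` findings as a prompt to confirm that external exposure of the web client is intended for that environment.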
