Deployment Using Helm
The Kubernetes deployment for MetaDefender Storage Security can be performed directly using the provided Helm chart, which is available in our public GitHub repository here.
Example configuration files for different environments are provided in the helm_charts directory within the repository.
Using the helm repository
The GitHub repository can be used directly as a Helm repository:
helm repo add mdk8s https://opswat.github.io/metadefender-k8s/helm repo update mdk8s#Example installation commandhelm install mdss mdk8s/metadefender_storage_security -f <CUSTOM_VALUES_FILE.yml>Alternatively, the repository can be cloned locally:
git clone https://github.com/OPSWAT/metadefender-k8s.git metadefendercd metadefender/helm_carts#Example installation commandhelm install mdss ./mdss -f <CUSTOM_VALUES_FILE.yml>Storage
MDSS containers are stateless and do not require persistent storage.
However, if deploying the PostgreSQL database within the cluster, it is recommended to use persistent storage managed by your cloud provider.
An external database can be configured using the following values:
mdss-common-environment POSTGRESQL_URL"Host=postgres;Port=5432;Username=user;Password=password;Database=dbName"When using an external database not deployed via the MDSS chart, the deploy_with_mdss_db value must be set to false to prevent the chart from deploying an additional database.
Exposing MDSS
By default, the Helm chart deploys a ClusterIP service for the MDSS deployment.
This can be changed to any service type supported by your Kubernetes cluster.
For example, to create a LoadBalancer service, overwrite the service_type value in the webclient component:
mdss_components webclient service_typeLoadBalancerMDSS can also be exposed using an Ingress:
mdss_ingress host<APP_NAMESPACE>-mdss.k8s # Hostname for the publicly accessible ingress, the `<APP_NAMESPACE>` string will be replaced with the namespace where the chart is deployed enabledtrue # Enable or disable the ingress creation classnginx # Sets the ingress class depending on the installed ingress controllerFlexible deployment
By default, the Helm chart deploys MDSS with support for the following storage units: azureblob, amazonsdk, googlecloud, alibabacloud, azurefiles, and box.
For more efficient resource utilization, you can specify only the required storage units by modifying the ENABLED_MODULES value.
For instance, to enable support for only Azure, AWS, and GCP:
mdss-common-environment ENABLED_MODULES"azureblob,azurefiles,amazonsdk,googlecloud"Supported modules
Currently supported modules include:
azureblobamazonsdkgooglecloudalibabacloudazurefilessmbboxgraph
