Kubernetes deployment

Install using the Helm chart

The MDSSC k8s deployment can be performed directly using the provided helm chart in our public GitHub repo here and example configuration files for different environments are provided in the helm_charts directory.

For system requirements and sizing considerations, please refer to the Sizing Guide | Kubernetes Deplyoment.

Using the helm repository

The GitHub repository can be used directly as a helm repo:

Bash
    
​x
 
helm repo add mdk8s https://opswat.github.io/metadefender-k8s/helm repo update mdk8s​#Example installation commandhelm install mdssc mdk8s/metadefender_software_supply_chain -f <CUSTOM_VALUES_FILE.yml>
Copy

Or the repository can be cloned locally:

Bash
    
 
git clone https://github.com/OPSWAT/metadefender-k8s.git metadefendercd metadefender/helm_carts​#Example installation commandhelm install mdssc ./mdssc -f <CUSTOM_VALUES_FILE.yml>
Copy

Storage

MDSSC containers are stateless and don't require any persistent storage. If the MongoDB database is deployed in the cluster, then it's recommended to use persistent storage managed by a cloud provider. The external database can be configured from the values:

YAML
    
 
mdssc-common-environment:  MONGO_URL: "mongodb://<MONGODB_HOST>:<MONGODB_PORT>/MDCS"
Copy

When using an external database that is not deployed from the MDSSC chart, the deploy_with_mdssc_db value has to be set to false in order to not deploy an additional database from the chart.

Exposing MDSSC

By default, the helm chart deploys a ClusterIP service for MD Core and this can be changed to any service type supported by the Kubernetes cluster. For example, a LoadBalancerservice type can be created by overwriting the service_type value in the webclientcomponent:

YAML
    
 
mdssc_components:  frontend:    service_type: LoadBalancer
Copy

MDSSC can also be exposed using an ingress:

YAML
    
mdssc_ingress:  host: <APP_NAMESPACE>-mdssc.k8s  # Hostname for the publicly accessible ingress, the `<APP_NAMESPACE>` string will be replaced with the namespace where the chart is deployed  enabled: true                     # Enable or disable the ingress creation  class: nginx                      # Sets the ingress class depending on the installed ingress controller
Copy

Last updated on

Was this page helpful?