AKS Cluster

This guide explains how to use the provisioning script provided by OPSWAT to create an Azure AKS cluster and generate all the Kubernetes components needed to run MetaDefender Core and ICAP Server.

MetaDefenderK8S Script Details

  • GitHub Project metadefender-k8s --> Script path: ./metadefenderk8s.sh

  • Programming Language: Bash

  • Installation Pre-requisites for provisioning:

  • Azure Credentials

    • Set the credentials of the IAM user in your local environment variables under:

      • ARM_CLIENT_ID
      • ARM_CLIENT_SECRET
      • ARM_SUBSCRIPTION_ID
      • ARM_TENANT_ID
    • SSH public key used to access the cluster with kubectl. Default: ~/.ssh/id_rsa.pub. Change from here

    • Run az login before running the script, so that the step that downloads the kubeconfig file for you can complete

  • MetaDefender Core License Key (Required with --mdcore parameter)

    • Set it in your local environment variables under MDCORE_LICENSE_KEY
  • MetaDefender ICAP Server License Key (Required with --icap parameter)

    • Set it in your local environment variables under MDICAPSRV_LICENSE_KEY

How to run the script

MD Core + ICAP

The script will deploy a single Worker Node for the cluster, where the Azure VM size is Standard_F8s_v2 (8 vCPU & 16 GiB Memory). Each pod needs a minimum of 4 vCPU and 8 GiB Memory. To change the request and adapt each pod to the specific case, go to values.yml. To change the size of the node pool in order to have more MD ICAP Server replicas or install additional MetaDefender products, go to the Terraform file terraform/azure/main.tf.

Script Parameters

| Parameter | Flags | Options | Default | Description | Required/Optional |
|---|---|---|---|---|---|
| Action | | provision, install | | Tells the script whether to provision (create resources + install Core + ICAP) or install (install Core + ICAP) | Required |
| Location | -l or --location | AWS, Azure, GCP | | Where the K8S cluster is going to be | Required |
| MetaDefender Flag Installation | Combination of --mdcore, --mdss, --icap | - | | Install MetaDefender ICAP Server in the cluster provisioned together with MetaDefender Core (mdcore flag is required) | Required |
| Image Version | --image | latest, 5.6.0 | latest | MetaDefender ICAP Server image version to install | Optional |
| Region | --region | Azure Regions | centralus | AWS region where all the resources will be provisioned | Optional |
| Cluster Name | --name | | md-k8s | Name of the cluster that will be used for naming all the resources | Optional |
| Number of Replicas | --replicas | [0-9]* | 1 | Number of replicas for MetaDefender ICAP Server service | Optional |
| Namespace | --namespace | [A-Za-z]{1,10} | | Namespace where MetaDefender products will be installed in the K8S Cluster | Optional. Max Characters: 10 |
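
A pre-flight check for the prerequisites and the parameter table above, as an added example that is not part of OPSWAT's script. The function name md_preflight is hypothetical; it accepts the same flags the table lists, tests secrets for presence only, and never prints their values.

```bash
#!/usr/bin/env bash
# Added example: md_preflight is a hypothetical helper, not part of metadefenderk8s.sh.
# It checks the prerequisites and parameter rules listed on this page.
# Secrets are tested for presence only; their values are never printed.
md_preflight() {
  local LC_ALL=C   # keep the [A-Za-z] and [0-9] ranges ASCII-only
  local mdcore=0 icap=0 ns_given=0 namespace="" replicas=1 errors=0 var val
  local required="ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_SUBSCRIPTION_ID ARM_TENANT_ID"

  while [ $# -gt 0 ]; do
    case "$1" in
      --mdcore) mdcore=1 ;;
      --icap)   icap=1 ;;
      --namespace) ns_given=1; namespace="${2-}"; if [ $# -gt 1 ]; then shift; fi ;;
      --replicas)  replicas="${2-}"; if [ $# -gt 1 ]; then shift; fi ;;
    esac
    shift
  done

  # License keys are required only with the matching product flag.
  if [ "$mdcore" -eq 1 ]; then required="$required MDCORE_LICENSE_KEY"; fi
  if [ "$icap" -eq 1 ]; then required="$required MDICAPSRV_LICENSE_KEY"; fi
  for var in $required; do
    eval "val=\${$var-}"   # indirect lookup; names come from the fixed list above
    if [ -z "$val" ]; then
      echo "missing: $var is not set" >&2; errors=$((errors + 1))
    fi
  done
  val=""   # do not keep the last secret in a variable

  # The parameter table states that the ICAP flag requires the mdcore flag.
  if [ "$icap" -eq 1 ] && [ "$mdcore" -eq 0 ]; then
    echo "invalid: --icap requires --mdcore" >&2; errors=$((errors + 1))
  fi
  # Namespace: the whole value must match [A-Za-z]{1,10}.
  if [ "$ns_given" -eq 1 ]; then
    case "$namespace" in
      ""|*[!A-Za-z]*) echo "invalid: --namespace must be letters only" >&2; errors=$((errors + 1)) ;;
      *) if [ "${#namespace}" -gt 10 ]; then
           echo "invalid: --namespace is longer than 10 characters" >&2; errors=$((errors + 1))
         fi ;;
    esac
  fi
  # Replicas: digits only (the table gives [0-9]*; an empty value is rejected here).
  case "$replicas" in
    ""|*[!0-9]*) echo "invalid: --replicas must be a number" >&2; errors=$((errors + 1)) ;;
  esac
  [ "$errors" -eq 0 ]
}
```

Call it with the arguments intended for the provisioning script; it returns non-zero and names each missing variable or invalid value on stderr.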

MetaDefender ICAP Server Flowchart Provisioning in Azure

The following flowchart represents how the provisioning script will configure the environment based on the options selected for provisioning Azure AKS.

Summary options to be selected

  1. Access to the K8S cluster. Generate Ingress or provide own access.

    1. An Ingress and an internal load balancer will be created for each product flag passed as a parameter to the script
    2. Own access: you decide how to access the cluster, so the script won't generate any Ingress but will still create the internal load balancer for the product service deployed
  2. Have your own database or create a new database

    1. Own database: you will be asked whether you want the script to set up the credentials and database host URL for you, or whether the script should just indicate the secrets for you to edit later, for connecting the MetaDefender ICAP Server with your database.
    2. Create a new DB in K8S, or an external DB, for which on Azure we will provision an Azure PostgreSQL Flexible Server