Configuration on K8S

Storage and Database

MetaDefender ICAP Server container is stateless and do not require persistent storage. However in case it is needed in any scenario here is how you can configure it

YAML
Copy

Also, if deploying the PostgreSQL database within the cluster, it is recommended to use persistent storage managed by your cloud provider.

YAML
Copy

An remote database can be configured using the following values:

YAML
Copy

When using an external database not deployed via the MDSS chart, the postgres_mdicapsrv:

value must be set to false to prevent the chart from deploying an additional database.

YAML
Copy

Resource Definition

To indicate the resources to allocate to the MetaDefender ICAP container. Limits are optional.

YAML
Copy

Exposing MetaDefender ICAP Server

Service Configuration

Ingress Configuration

Proxy configuration

MetaDefender ICAP Server container needs to access to internet for activating the application. In case of needed to use a proxy this is the way to configure it

YAML
Copy

Security Context

To indicate different security context to adapt the container to the environment security policies

YAML
Copy

Syslog configuration

MetaDefender ICAP Server support to send the syslog to a server. This is the way to configure it for the application

  • ICAP it is using ICAP_CONF_JSON environment variable (This example uses Elastic)
    • Example: ICAP_CONF_JSON: '{"logger/cef": "true","logger/syslog": "tcp://eck-stack-eck-logstash-ls-tcp.elastic-system:5088","logger/syslog_level": "info"}'

Custom service account

YAML
Copy

Non-root access on Kubernetes

  • Modify UID:GID to run as non-root
  • create file override.values.yaml to override default value
Bash
Copy
  • Deploy the helm chart with override values
Bash
Copy

Other Configuration Options

Check the table with all the configuration options listed in this page

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard