Configuration on K8S
Storage and Database
The MetaDefender ICAP Server container is stateless and does not require persistent storage. If persistent storage is needed in some scenario, it can be configured as follows:

```yaml
extra_storage_configs:
  # Example for creating PVC for ICAP container. Use extraVolumeMounts and extraVolumes in icap container definition together with this PVC
  extra_pvc:
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: icap-disk-pvc
    spec:
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 5Gi
      storageClassName: azurefile
icap_container_persistent: false # To enable for mounting icap path /opt/mdicapsrv/icap_data/var/lib/mdicapsrv using below storage_configs pvc
icap_components:
  md_icapsrv:
    extraVolumeMounts:
      - mountPath: <path_to_mount> # for icap migration from sqlite to postgresql needed to mount -> "/opt/mdicapsrv/icap_data/var/lib/mdicapsrv". From version 5.2.0
        subPath: md_icapsrv # subpath with the mounted point
        name: icap-disk-pvc # name for the mounting point
    extraVolumes:
      - name: icap-disk-pvc
        persistentVolumeClaim:
          claimName: icap-disk-pvc
```

Also, if deploying the PostgreSQL database within the cluster, it is recommended to use persistent storage managed by your cloud provider.
```yaml
db_user: postgres # PostgreSQL database username
db_password: postgres # PostgreSQL database password, if not set it will be randomly generated
# Support customize the database name. Default is `metadefender_icapsrv`
db_name: metadefender_icapsrv
postgres_mdicapsrv:
  enabled: true
  name: postgres-mdicapsrv
  image: postgres:16.6
  env:
    - name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mdicapsrv-postgres-cred
          key: password
    - name: POSTGRES_USER
      valueFrom:
        secretKeyRef:
          name: mdicapsrv-postgres-cred
          key: user
  ports:
    rest: 5432
  service_type: ClusterIP
# Example using a PVC with dynamic provisioning from an existing storage class for postgres_mdicapsrv container
storage_configs:
  enabled: true
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
  storageClassName: "default" # change to your existing storage class allocated by your CSP
```

A remote database can be configured using the following values:
```yaml
icap_components:
  md_icapsrv:
    database:
      db_mode: "4" # Database mode
      db_type: remote # Database type
      db_host: postgres-mdicapsrv # Hostname / entrypoint of the database, change this value if using an external database service
      db_port: "5432" # Port for the PostgreSQL Database
```

When using an external database not deployed via the MDSS chart, the enabled value under postgres_mdicapsrv must be set to false to prevent the chart from deploying an additional database.

```yaml
postgres_mdicapsrv:
  enabled: false # set to false when using an external database
```

Resource Definition
Set the resources to allocate to the MetaDefender ICAP container. Limits are optional.

```yaml
icap_components:
  md_icapsrv:
    resources:
      requests:
        memory: "2Gi" # Minimum reserved memory
        cpu: "2.0" # Minimum reserved cpu
      #limits:
      #  memory: "4Gi" # Maximum memory limit
      #  cpu: "4.0" # Maximum cpu limit
```

Exposing MetaDefender ICAP Server
Service Configuration
Ingress Configuration
Proxy configuration
The MetaDefender ICAP Server container needs internet access to activate the application. If a proxy is required, configure it as follows:

```yaml
proxy:
  enabled: true
  http_proxy: ""
  https_proxy: ""
  no_proxy: localhost
```

Security Context
Set a security context to adapt the container to the security policies of the environment:

```yaml
securityContext:
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: true
  allowPrivilegeEscalation: false
```

Syslog configuration
MetaDefender ICAP Server supports sending syslog messages to a server. Configure it for the application as follows:
- ICAP uses the ICAP_CONF_JSON environment variable (this example uses Elastic)
- Example: ICAP_CONF_JSON: '{"logger/cef": "true","logger/syslog": "tcp://eck-stack-eck-logstash-ls-tcp.elastic-system:5088","logger/syslog_level": "info"}'
Custom service account
```yaml
icap_components:
  md_icapsrv:
    service_account_name: mdicapsrv-service-account
```

Non-root access on Kubernetes
- Modify UID:GID to run as non-root
- Create the file override.values.yaml to override the default values

```yaml
ACCEPT_EULA: false
mdicapsrv_user: admin # Initial admin user for the MD ICAP Server web interface
mdicapsrv_password: <password> # Initial admin password for the MD ICAP Server web interface, if not set it will be randomly generated
mdicapsrv_license_key: <SET_LICENSE_KEY_HERE> # A valid license key, **this value is mandatory**
icap_components:
  md_icapsrv:
    securityContext:
      runAsUser: 1000 # Specify the UID of the user, id is 1000
      runAsGroup: 1000 # Specify the GID of the group, id is 1000
      runAsNonRoot: true
      allowPrivilegeEscalation: false
```

- Deploy the helm chart with override values

```bash
helm upgrade --install mdicapsrv -n <namespace> -f override.values.yaml .
```

Other Configuration Options
Check the table with all the configuration options listed in this page
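
To confirm that the non-root settings from the Security Context section above actually apply to every container after deployment, the following added example (not part of the chart or of the original page) audits a pod spec against those four values. It assumes nothing about how the chart renders `securityContext`; the sample pod and its container names are constructed for illustration.

```python
import json

# Values the page sets under securityContext.
EXPECTED = {"runAsUser": 1000, "runAsGroup": 1000, "runAsNonRoot": True,
            "allowPrivilegeEscalation": False}
# Kubernetes defines allowPrivilegeEscalation only per container, not at pod level,
# so a pod-level value must never be counted as satisfying the check.
CONTAINER_ONLY = {"allowPrivilegeEscalation"}


def effective_context(pod_spec, container):
    """Merge pod-level and container-level securityContext; container values win."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    merged = {k: v for k, v in pod_sc.items() if k not in CONTAINER_ONLY}
    merged.update(ctr_sc)
    return merged


def audit_pod(pod):
    """Return (container, field, actual) tuples for every deviation from EXPECTED."""
    spec = pod["spec"]
    findings = []
    for kind in ("initContainers", "containers"):
        for ctr in spec.get(kind, []):
            ctx = effective_context(spec, ctr)
            for field, want in EXPECTED.items():
                if ctx.get(field) != want:
                    findings.append((ctr["name"], field, ctx.get(field)))
    return findings


# Constructed sample pod spec in JSON form; container names are hypothetical.
SAMPLE_POD = json.loads("""
{"spec": {
  "securityContext": {"runAsUser": 1000, "runAsGroup": 1000, "runAsNonRoot": true},
  "containers": [
    {"name": "md-icapsrv",
     "securityContext": {"allowPrivilegeEscalation": false}},
    {"name": "log-sidecar"}
  ]}}
""")

if __name__ == "__main__":
    for name, field, actual in audit_pod(SAMPLE_POD):
        print(f"{name}: {field} is {actual!r}, expected {EXPECTED[field]!r}")
```

In the sample, the sidecar inherits the pod-level UID, GID and non-root settings but is still reported, because `allowPrivilegeEscalation` has to be set on each container individually.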
