Connect the ICAP Client outside K8s to ICAP on K8s

1. MetaDefender ICAP Server has already deploy to K8S environment by MetaDefender ICAP Server helm (refer to: Using your existing Kubernetes (K8S) cluster)

Option 1: using NGINX Ingress

Setup Metallb:

1. Clone metallb
2. update helm-bitnami/bitnami/metallb/values.yaml

3. install helm chart

helm install metallb .

4. make sure metallb is running

kubectl get pods | grep metallb

default       metallb-controller-5ffbcf4b7f-pnnj7      1/1     Running   0              10m

default       metallb-speaker-25j59

Setup NGINX ingress:

1. get ingress-nginx

git clone https://github.com/kubernetes/ingress-nginx.git

2. append below to values.yml

# Need to update it because default Nginx Ingress doesn't support TCP protocol

tcp:

  1344: "default/md-icapsrv:1344" #Exposing TCP service, <default> is the namespace install md-icapsrv 

  11344: "default/md-icapsrv:11344"

3. Helm install Nginx-ingress

$ helm install ingress-nginx .

4. Create file ingress.yml as below:

5. Create ingress resources on Kubernetes

6. Verify Metallb assign IP address external to Nginx-ingress

Option 2: Using NodePort

1. Update field service_type from ClusterIP to NodePort in values.yaml of ICAP helm and save to file update_nodeport_values.yml

3. Update config

4. make sure pod MetaDefender ICAP Server is running

For example: this case md-icapsrv-5df4bb8547-czp88 is running

5. Get service port with CLI

For example: the service port mapping ressult:

• 8048:31988/TCP
• 1344:32233/TCP
• 11344:32568/TCP

6. Check the MetaDefender ICAP Server is running on the worker node

7. Describe pod md-icapsrv-5df4bb8547-czp88 to get the IP address

8. ICAP Client will connect to MetaDefender ICAP Server via below IP and Port