RELEASE_17 (#24)

README.md

@@ -10,6 +10,7 @@
       <ul>
         <li><a href="#prerequisites">Prerequisites</a></li>
         <li><a href="#installation">Installation</a></li>
+        <li><a href="#relese-notes">Release Notes</a></li>
       </ul>
     </li>
     <li><a href="#contributing">Contributing</a></li>
@@ -67,6 +68,19 @@ To get a local copy up and running follow these simple example steps.
  For provision in AWS follow this [doc](https://docs.opswat.com/mdcore/cloud-deployment/metadefender-core-provisioned-in-aws-eks)
  For install MD Core in an already created cluster follow this [doc](https://docs.opswat.com/mdcore/kubernetes-configuration/metadefender-core-in-your-already-created-k8s)
 
+### Release Notes
+
+*Sep 6, 2023*
+
+##### New
+
+- Resource requests and limits for each pod of MetaDefender for Secure Storage
+- Readiness Probe using health check for MetaDefender Core
+
+##### Fixed
+- Azure PostgreSQL set up when using MetaDefender K8S script
+- Deployment template when enabling TLS of MetaDefender Core
+
 <p align="right">(<a href="#top">back to top</a>)</p>
 
 

helm_charts/icap/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
 name: MetaDefender_ICAP_Server
 type: application
-version: 5.2.0
-appVersion: 5.2.0
+version: 5.2.1
+appVersion: 5.2.1
 home: https://docs.opswat.com/mdicap/installation
 keywords:
   - mdicapsrv

helm_charts/icap/values.yaml

@@ -111,7 +111,7 @@ icap_components:
             cpu: "100m"       # Maximum cpu limit
     name: md-icapsrv
     # Overrides the default docker image for the MD ICAP Server service, this value can be changed if you want to set a different version of MD ICAP Server
-    image: opswat/metadefendericapsrv-debian:5.2.0
+    image: opswat/metadefendericapsrv-debian:5.2.1
     # Warning: When to use this feature!
     # Sets the number of replicas if you want to have multiple MD ICAP Server instances
     replicas: 1

helm_charts/mdcore-gcloud-sidecarproxy-values.yml

@@ -57,24 +57,6 @@ core_components:
     replicas: 1
     initContainers: null
     sidecars:
-      - name: activation-manager
-        image: opswat/md-activation-manager
-        envFrom:
-          - configMapRef:
-              name: mdcore-env
-        env:
-          - name: APIKEY
-            valueFrom:
-              secretKeyRef:
-                name: mdcore-api-key
-                key: value
-          - name: LICENSE_KEY
-            valueFrom:
-              secretKeyRef:
-                name: mdcore-license-key
-                key: value
-          - name: MDCORE_BASE_URL
-            value: http://localhost
       - name: cloud-sql-proxy
         image: gcr.io/cloudsql-docker/gce-proxy:latest
         command:

helm_charts/mdcore/Chart.yaml

@@ -42,4 +42,4 @@ long_description: |
   
 type: application
 
-version: 5.5.0
+version: 5.5.0-0

helm_charts/mdcore/templates/config-template.yml

@@ -309,31 +309,3 @@ data:
     echo "MD HUB not loaded, skipping..."
 
     {{- end }}
-
-
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: activation-manager
-data:
-  monitor-activation.sh: |
-    #!/bin/bash
-
-    stop() {
-        echo 'Deactivating using activation server API'
-        curl -k -X GET "https://$ACTIVATION_SERVER/deactivation?key=$LICENSE_KEY&deployment=$DEPLOYMENT"
-        exit 0
-    }
-    trap stop TERM INT QUIT
-
-    until ! [[ -z "$DEPLOYMENT" ]]; do
-        echo 'Checking...'
-        export DEPLOYMENT=$(curl --silent -H "apikey: $APIKEY" "$MDCORE_BASE_URL:$REST_PORT/admin/license" | jq -r ".deployment")
-        echo "Deployment ID: $DEPLOYMENT"
-        sleep 1
-    done
-    echo "Waiting for termination signal..."
-    while true; do sleep 1; done
-    echo "MD Core pod finished, exiting"
-    exit 0

helm_charts/mdcore/templates/deployments-template.yml

@@ -37,6 +37,7 @@ spec:
           {{- else -}}
           image: {{ $component.image | quote }}
           {{- end }}
+          imagePullPolicy: {{ $.Values.imagePullPolicy }}
           {{- if $component.env }}
           env:
             {{- toYaml $component.env | nindent 12 }}
@@ -52,6 +53,14 @@ spec:
           livenessProbe:
             {{- toYaml $component.livenessProbe | nindent 12 }}
           {{- end }}
+          {{- if $component.startupProbe }}
+          startupProbe:
+            {{- toYaml $component.startupProbe | nindent 12 }}
+          {{- end }}
+          {{- if $component.readinessProbe }}
+          readinessProbe:
+            {{- toYaml $component.readinessProbe | nindent 12 }}
+          {{- end }}
           {{- if $component.command }}
           command: 
             {{- toYaml $component.command | nindent 12 }}
@@ -136,8 +145,8 @@ spec:
         {{ end }}
         {{- if $component.extraVolumes -}}
           {{- range $volumeLabel, $volume := $component.extraVolumes }}
-      -
-            {{- toYaml $volume | nindent 8 }}
+        -
+            {{- toYaml $volume | nindent 10 }}
           {{- end }}
         {{- end }}
       {{- end }}

helm_charts/mdcore/values.yaml

@@ -101,6 +101,8 @@ core_ingress:
 # imagePullSecrets:
 #   - name: regcred
 
+imagePullPolicy: IfNotPresent
+
 # Docker repo to use, this should be changed when using private images (this string will be prepended to the image name)
 # If a component has "custom_repo: true" then the image name will be formated as "{docker_repo/}image_name{:BRANCH}" otherwise it will remain unaltered
 core_docker_repo: opswat
@@ -132,7 +134,7 @@ core_components:
 
   md-core:
     name: md-core
-    image: opswat/metadefendercore-debian:5.4.0         # Overrides the default docker image for the MD Core service, this value can be changed if you want to set a different version of MD Core
+    image: opswat/metadefendercore-debian:latest         # Overrides the default docker image for the MD Core service, this value can be changed if you want to set a different version of MD Core
     replicas: 1                                         # Sets the number of replicas if you want to have multiple MD Core instances
     env:
       - name: MD_USER
@@ -195,6 +197,14 @@ core_components:
       limits:
         memory: "8Gi"                                    # Maximum memory limit
         cpu: "8.0"                                       # Maximum cpu limit
+    readinessProbe:
+      httpGet:
+        # scheme: HTTPS
+        path: /readyz                                    # Health check endpoint
+        port: 8008
+      initialDelaySeconds: 60                             #  Number of seconds after the container has started before startup, liveness or readiness probes are initiated. Defaults to 0 seconds. Minimum value is 0.
+      periodSeconds: 10                                   # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+      timeoutSeconds: 10                                  # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1.
     livenessProbe:
       httpGet:
         # scheme: HTTPS
@@ -214,54 +224,25 @@ core_components:
         configMap:
           name:  wait-for-hub-services
           defaultMode: 0777
-      activationManagerScript:
-        name: activation-manager
-        configMap:
-          name:  activation-manager
-          defaultMode: 0777
-    sidecars:                                           # Configuration for the activation-manager sidecar
-      - name: activation-manager
-        image: opswat/metadefendercore-debian:5.4.0
-        envFrom:
-          - configMapRef:
-              name: mdcore-env
-        env:
-          - name: APIKEY
-            valueFrom:
-              secretKeyRef:
-                name: mdcore-api-key
-                key: value
-          - name: LICENSE_KEY
-            valueFrom:
-              secretKeyRef:
-                name: mdcore-license-key
-                key: value
-          - name: MDCORE_BASE_URL
-            value: http://localhost
-        command: [ '/monitor-activation.sh' ]
-        volumeMounts:
-          - name:  activation-manager
-            mountPath: /monitor-activation.sh
-            subPath: monitor-activation.sh
     initContainers:
       - name: check-db-ready
-        image: opswat/metadefendercore-debian:5.4.0
+        image: opswat/metadefendercore-debian:latest
         envFrom:
           - configMapRef:
               name: mdcore-env
         command: ['sh', '-c', 
           'until pg_isready -h $DB_HOST -p $DB_PORT; 
           do echo waiting for database; sleep 2; done;']
       - name: wait-for-hub-services
-        image: opswat/metadefendercore-debian:5.4.0
+        image: opswat/metadefendercore-debian:latest
         command: [ '/wait-for-hub-services.sh' ]
         volumeMounts:
           - name:  wait-for-hub-services
             mountPath: /wait-for-hub-services.sh
             subPath: wait-for-hub-services.sh
 #========================================== MDHUB MODULE ==========================================
   md-hub:
-    image: opswat/mdhub-debian:1.1.0
+    image: opswat/mdhub-debian:latest
     name: md-hub
     module_name: mdhub
     ports:
@@ -288,7 +269,7 @@ core_components:
             subPath: wait-for-hub-services.sh
 
   md-nas:
-    image: opswat/mdnas-debian:1.1.0
+    image: opswat/mdnas-debian:latest
     name: md-nas
     module_name: mdhub
     ports:

helm_charts/mdicapsrv-README.md

@@ -144,6 +144,8 @@ The following table lists the configurable parameters of the Metadefender ICAP c
 - To have a file "mdicapsrv-config.json" correctly, please install a MD ICAP Server, do configuration setting then use export feature to get the json config file.
 - Please specific value of the secret template file for enable HTTPS, ICAPS or NGINXs. Need to mapping the key of the secret HTTPS, ICAPS and NGINXS with `*.certSecretSubPath` and `*.certKeySecretSubPath`
 ## Release note
+### v5.2.1
+- Integration with My OPSWAT portal.
 ### v5.2.0
 - Feature upload certificates
 - Remove import targets: certs, ssl