diff --git a/README.md b/README.md
index 7f0d3dc..efc7a14 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@
Contributing
@@ -67,6 +68,19 @@ To get a local copy up and running follow these simple example steps.
For provision in AWS follow this [doc](https://docs.opswat.com/mdcore/cloud-deployment/metadefender-core-provisioned-in-aws-eks)
For install MD Core in an already created cluster follow this [doc](https://docs.opswat.com/mdcore/kubernetes-configuration/metadefender-core-in-your-already-created-k8s)
+### Release Notes
+
+*Sep 6, 2023*
+
+##### New
+
+- Resource requests and limits for each pod of MetaDefender for Secure Storage
+- Readiness Probe using health check for MetaDefender Core
+
+##### Fixed
+- Azure PostgreSQL set up when using MetaDefender K8S script
+- Deployment template when enabling TLS of MetaDefender Core
+
(back to top)
diff --git a/helm_charts/icap/Chart.yaml b/helm_charts/icap/Chart.yaml
index 7819eff..494d9bc 100644
--- a/helm_charts/icap/Chart.yaml
+++ b/helm_charts/icap/Chart.yaml
@@ -1,8 +1,8 @@
apiVersion: v2
name: MetaDefender_ICAP_Server
type: application
-version: 5.2.0
-appVersion: 5.2.0
+version: 5.2.1
+appVersion: 5.2.1
home: https://docs.opswat.com/mdicap/installation
keywords:
- mdicapsrv
diff --git a/helm_charts/icap/values.yaml b/helm_charts/icap/values.yaml
index 0459dfa..a9668d0 100644
--- a/helm_charts/icap/values.yaml
+++ b/helm_charts/icap/values.yaml
@@ -111,7 +111,7 @@ icap_components:
cpu: "100m" # Maximum cpu limit
name: md-icapsrv
# Overrides the default docker image for the MD ICAP Server service, this value can be changed if you want to set a different version of MD ICAP Server
- image: opswat/metadefendericapsrv-debian:5.2.0
+ image: opswat/metadefendericapsrv-debian:5.2.1
# Warning: When to use this feature!
# Sets the number of replicas if you want to have multiple MD ICAP Server instances
replicas: 1
diff --git a/helm_charts/mdcore-gcloud-sidecarproxy-values.yml b/helm_charts/mdcore-gcloud-sidecarproxy-values.yml
index 24d436d..19651e1 100644
--- a/helm_charts/mdcore-gcloud-sidecarproxy-values.yml
+++ b/helm_charts/mdcore-gcloud-sidecarproxy-values.yml
@@ -57,24 +57,6 @@ core_components:
replicas: 1
initContainers: null
sidecars:
- - name: activation-manager
- image: opswat/md-activation-manager
- envFrom:
- - configMapRef:
- name: mdcore-env
- env:
- - name: APIKEY
- valueFrom:
- secretKeyRef:
- name: mdcore-api-key
- key: value
- - name: LICENSE_KEY
- valueFrom:
- secretKeyRef:
- name: mdcore-license-key
- key: value
- - name: MDCORE_BASE_URL
- value: http://localhost
- name: cloud-sql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:latest
command:
diff --git a/helm_charts/mdcore/Chart.yaml b/helm_charts/mdcore/Chart.yaml
index 102a955..314b85c 100644
--- a/helm_charts/mdcore/Chart.yaml
+++ b/helm_charts/mdcore/Chart.yaml
@@ -42,4 +42,4 @@ long_description: |
type: application
-version: 5.5.0
+version: 5.5.0-0
diff --git a/helm_charts/mdcore/templates/config-template.yml b/helm_charts/mdcore/templates/config-template.yml
index d9d6a88..3cc698e 100644
--- a/helm_charts/mdcore/templates/config-template.yml
+++ b/helm_charts/mdcore/templates/config-template.yml
@@ -309,31 +309,3 @@ data:
echo "MD HUB not loaded, skipping..."
{{- end }}
-
-
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: activation-manager
-data:
- monitor-activation.sh: |
- #!/bin/bash
-
- stop() {
- echo 'Deactivating using activation server API'
- curl -k -X GET "https://$ACTIVATION_SERVER/deactivation?key=$LICENSE_KEY&deployment=$DEPLOYMENT"
- exit 0
- }
- trap stop TERM INT QUIT
-
- until ! [[ -z "$DEPLOYMENT" ]]; do
- echo 'Checking...'
- export DEPLOYMENT=$(curl --silent -H "apikey: $APIKEY" "$MDCORE_BASE_URL:$REST_PORT/admin/license" | jq -r ".deployment")
- echo "Deployment ID: $DEPLOYMENT"
- sleep 1
- done
- echo "Waiting for termination signal..."
- while true; do sleep 1; done
- echo "MD Core pod finished, exiting"
- exit 0
\ No newline at end of file
diff --git a/helm_charts/mdcore/templates/deployments-template.yml b/helm_charts/mdcore/templates/deployments-template.yml
index 40bca94..f505cb9 100644
--- a/helm_charts/mdcore/templates/deployments-template.yml
+++ b/helm_charts/mdcore/templates/deployments-template.yml
@@ -37,6 +37,7 @@ spec:
{{- else -}}
image: {{ $component.image | quote }}
{{- end }}
+ imagePullPolicy: {{ $.Values.imagePullPolicy }}
{{- if $component.env }}
env:
{{- toYaml $component.env | nindent 12 }}
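Review bot: The added `imagePullPolicy: {{ $.Values.imagePullPolicy }}` is rendered unquoted and without a fallback, unlike the `image: {{ $component.image | quote }}` line just above it. If a values override sets the key to null or an empty string, the field renders empty and the cluster default applies without any warning. I would write `imagePullPolicy: {{ $.Values.imagePullPolicy | default "IfNotPresent" | quote }}`. The container spec continues outside the hunk, so whether init containers and sidecars receive the same policy cannot be checked from here.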
@@ -52,6 +53,14 @@ spec:
livenessProbe:
{{- toYaml $component.livenessProbe | nindent 12 }}
{{- end }}
+ {{- if $component.startupProbe }}
+ startupProbe:
+ {{- toYaml $component.startupProbe | nindent 12 }}
+ {{- end }}
+ {{- if $component.readinessProbe }}
+ readinessProbe:
+ {{- toYaml $component.readinessProbe | nindent 12 }}
+ {{- end }}
{{- if $component.command }}
command:
{{- toYaml $component.command | nindent 12 }}
@@ -136,8 +145,8 @@ spec:
{{ end }}
{{- if $component.extraVolumes -}}
{{- range $volumeLabel, $volume := $component.extraVolumes }}
- -
- {{- toYaml $volume | nindent 8 }}
+ -
+ {{- toYaml $volume | nindent 10 }}
{{- end }}
{{- end }}
{{- end }}
diff --git a/helm_charts/mdcore/values.yaml b/helm_charts/mdcore/values.yaml
index 6f7263a..831b150 100644
--- a/helm_charts/mdcore/values.yaml
+++ b/helm_charts/mdcore/values.yaml
@@ -101,6 +101,8 @@ core_ingress:
# imagePullSecrets:
# - name: regcred
+imagePullPolicy: IfNotPresent
+
# Docker repo to use, this should be changed when using private images (this string will be prepended to the image name)
# If a component has "custom_repo: true" then the image name will be formated as "{docker_repo/}image_name{:BRANCH}" otherwise it will remain unaltered
core_docker_repo: opswat
@@ -132,7 +134,7 @@ core_components:
md-core:
name: md-core
- image: opswat/metadefendercore-debian:5.4.0 # Overrides the default docker image for the MD Core service, this value can be changed if you want to set a different version of MD Core
+ image: opswat/metadefendercore-debian:latest # Overrides the default docker image for the MD Core service, this value can be changed if you want to set a different version of MD Core
replicas: 1 # Sets the number of replicas if you want to have multiple MD Core instances
env:
- name: MD_USER
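Review bot: `image: opswat/metadefendercore-debian:latest` replaces the pinned `5.4.0` tag with a mutable one, and the later hunks of this file do the same for the `check-db-ready` and `wait-for-hub-services` init containers, `md-hub` and `md-nas`. Together with the `imagePullPolicy: IfNotPresent` added in the hunk above, a node with a cached `latest` keeps running it while a fresh node pulls whatever the tag points to that day, so replicas can run different builds and a rollback cannot name the version it returns to. For a scanning product the image is part of the trust boundary; I would keep an explicit tag such as `image: opswat/metadefendercore-debian:<version>`, ideally with a digest, and leave `latest` as an opt-in override. The `imagePullPolicy: Always` to `IfNotPresent` change in `helm_charts/mdss/values.yaml` deserves the same check if its `BRANCH` tag is mutable.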
@@ -195,6 +197,14 @@ core_components:
limits:
memory: "8Gi" # Maximum memory limit
cpu: "8.0" # Maximum cpu limit
+ readinessProbe:
+ httpGet:
+ # scheme: HTTPS
+ path: /readyz # Health check endpoint
+ port: 8008
+ initialDelaySeconds: 60 # Number of seconds after the container has started before startup, liveness or readiness probes are initiated. Defaults to 0 seconds. Minimum value is 0.
+ periodSeconds: 10 # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ timeoutSeconds: 10 # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1.
livenessProbe:
httpGet:
# scheme: HTTPS
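Review bot: The new `readinessProbe` checks `/readyz` on port 8008 over plain HTTP, and the only hint about TLS is the bare `# scheme: HTTPS` line. If MD Core is deployed with TLS on that port the probe presumably fails and the pod never becomes ready, so the comment should say when to enable it, for example `# scheme: HTTPS  # uncomment when the MD Core REST port is served over TLS`. The inline comment on `initialDelaySeconds` also talks about startup and liveness probes and would read better trimmed to what this probe does.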
@@ -214,38 +224,9 @@ core_components:
configMap:
name: wait-for-hub-services
defaultMode: 0777
- activationManagerScript:
- name: activation-manager
- configMap:
- name: activation-manager
- defaultMode: 0777
- sidecars: # Configuration for the activation-manager sidecar
- - name: activation-manager
- image: opswat/metadefendercore-debian:5.4.0
- envFrom:
- - configMapRef:
- name: mdcore-env
- env:
- - name: APIKEY
- valueFrom:
- secretKeyRef:
- name: mdcore-api-key
- key: value
- - name: LICENSE_KEY
- valueFrom:
- secretKeyRef:
- name: mdcore-license-key
- key: value
- - name: MDCORE_BASE_URL
- value: http://localhost
- command: [ '/monitor-activation.sh' ]
- volumeMounts:
- - name: activation-manager
- mountPath: /monitor-activation.sh
- subPath: monitor-activation.sh
initContainers:
- name: check-db-ready
- image: opswat/metadefendercore-debian:5.4.0
+ image: opswat/metadefendercore-debian:latest
envFrom:
- configMapRef:
name: mdcore-env
@@ -253,7 +234,7 @@ core_components:
'until pg_isready -h $DB_HOST -p $DB_PORT;
do echo waiting for database; sleep 2; done;']
- name: wait-for-hub-services
- image: opswat/metadefendercore-debian:5.4.0
+ image: opswat/metadefendercore-debian:latest
command: [ '/wait-for-hub-services.sh' ]
volumeMounts:
- name: wait-for-hub-services
@@ -261,7 +242,7 @@ core_components:
subPath: wait-for-hub-services.sh
#========================================== MDHUB MODULE ==========================================
md-hub:
- image: opswat/mdhub-debian:1.1.0
+ image: opswat/mdhub-debian:latest
name: md-hub
module_name: mdhub
ports:
@@ -288,7 +269,7 @@ core_components:
subPath: wait-for-hub-services.sh
md-nas:
- image: opswat/mdnas-debian:1.1.0
+ image: opswat/mdnas-debian:latest
name: md-nas
module_name: mdhub
ports:
diff --git a/helm_charts/mdicapsrv-README.md b/helm_charts/mdicapsrv-README.md
index 874cad7..ca30971 100644
--- a/helm_charts/mdicapsrv-README.md
+++ b/helm_charts/mdicapsrv-README.md
@@ -144,6 +144,8 @@ The following table lists the configurable parameters of the Metadefender ICAP c
- To have a file "mdicapsrv-config.json" correctly, please install a MD ICAP Server, do configuration setting then use export feature to get the json config file.
- Please specific value of the secret template file for enable HTTPS, ICAPS or NGINXs. Need to mapping the key of the secret HTTPS, ICAPS and NGINXS with `*.certSecretSubPath` and `*.certKeySecretSubPath`
## Release note
+### v5.2.1
+- Integration with My OPSWAT portal.
### v5.2.0
- Feature upload certificates
- Remove import targets: certs, ssl
diff --git a/helm_charts/mdss-resource-limitation.yml b/helm_charts/mdss-resource-limitation.yml
new file mode 100644
index 0000000..ace6dc8
--- /dev/null
+++ b/helm_charts/mdss-resource-limitation.yml
@@ -0,0 +1,429 @@
+
+
+mdss_components:
+ mongodb:
+ resources:
+ requests:
+ memory: "2Gi"
+ cpu: "0.5"
+ limits:
+ memory: "4.0Gi"
+ cpu: "2.000"
+
+ mongomigrations:
+ resources:
+ requests:
+ memory: "0.125Gi"
+ cpu: "0.010"
+ limits:
+ memory: "0.5Gi"
+ cpu: "0.100"
+
+ rabbitmq:
+ resources:
+ requests:
+ memory: "0.5Gi"
+ cpu: "0.5"
+ limits:
+ memory: "1.5Gi"
+ cpu: "1.000"
+
+ redis:
+ resources:
+ requests:
+ memory: "0.125Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ licensingservice:
+ resources:
+ requests:
+ memory: "0.125Gi"
+ cpu: "0.010"
+ limits:
+ memory: "0.5Gi"
+ cpu: "0.100"
+
+ discoveryservice:
+ resources:
+ requests:
+ memory: "0.5Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "2.000"
+
+ scanningservice:
+ resources:
+ requests:
+ memory: "1Gi"
+ cpu: "0.500"
+ limits:
+ memory: "1.5Gi"
+ cpu: "1.000"
+
+ notificationservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ jobdispatcher:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.050"
+ limits:
+ memory: "0.5Gi"
+ cpu: "0.100"
+
+ securitychecklistservice:
+ resources:
+ requests:
+ memory: "0.125Gi"
+ cpu: "0.010"
+ limits:
+ memory: "0.5Gi"
+ cpu: "0.100"
+
+ loadbalancerservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ loggingservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.050"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ remediationsservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ storagesservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "0.5Gi"
+ cpu: "0.100"
+
+ workflowmanagerservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ apigateway:
+ resources:
+ requests:
+ memory: "0.5Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ webclient:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ # ======================================= AMAZONSDK MODULE ================================================
+ discoveryamazonsdkservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "2.000"
+
+ remediationsservice-amazonsdk:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ storagesservice-amazonsdk:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "0.5Gi"
+ cpu: "0.100"
+ # ======================================= AZUREBLOB MODULE ================================================
+ discoveryazureblobservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "2.000"
+
+ remediationsservice-azureblob:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ storagesservice-azureblob:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "0.5Gi"
+ cpu: "0.100"
+ # ======================================= ALIBABACLOUD MODULE ================================================
+ discoveryalibabacloudservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "2.000"
+
+ remediationsservice-alibabacloud:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ storagesservice-alibabacloud:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ # ======================================= GOOGLECLOUD MODULE ================================================
+ discoverygooglecloudservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "2.000"
+
+ remediationsservice-googlecloud:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ storagesservice-googlecloud:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ # ======================================= BOX MODULE ================================================
+ discoveryboxservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "2.000"
+
+ remediationsservice-box:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+ storagesservice-box:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ # ======================================= AZUREFILES MODULE ================================================
+ discoveryazurefilesservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ remediationsservice-azurefiles:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ storagesservice-azurefiles:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ # ======================================= SMB MODULE ================================================
+ discoverysmbservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ remediationsservice-smb:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ storagesservice-smb:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ smbservice:
+ resources:
+ requests:
+ memory: "0.5Gi"
+ cpu: "0.500"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ # ======================================= ONEDRIVE MODULE ================================================
+ discoveryonedriveservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+ remediationsservice-onedrive:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+
+ storagesservice-onedrive:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+
+ # ======================================= SFTP MODULE ================================================
+ discoverysftpservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "1.000"
+ limits:
+ memory: "1.5Gi"
+ cpu: "2.000"
+
+
+ remediationsservice-sftp:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.500"
+
+
+ storagesservice-sftp:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
+ limits:
+ memory: "1.5Gi"
+ cpu: "0.100"
+
+
+ sftpservice:
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.500"
+ limits:
+ memory: "1.5Gi"
+ cpu: "1.000"
+
\ No newline at end of file
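Review bot: Four entries in this new file set a CPU limit below their own CPU request: `discoveryazurefilesservice`, `discoverysmbservice` and `discoveryonedriveservice` request `"1.000"` with a limit of `"0.100"`, and `smbservice` requests `"0.500"` with a limit of `"0.100"`. Kubernetes rejects a container whose request exceeds its limit, so these pods will not be created when the file is applied. The other discovery services use `cpu: "2.000"` and `sftpservice` uses `cpu: "1.000"` as limits, which look like the intended values. The file also ends without a trailing newline.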
diff --git a/helm_charts/mdss/Chart.yaml b/helm_charts/mdss/Chart.yaml
index eac30b8..c5eaa08 100644
--- a/helm_charts/mdss/Chart.yaml
+++ b/helm_charts/mdss/Chart.yaml
@@ -36,4 +36,4 @@ long_description: |
type: application
-version: 3.0.1
+version: 3.3.0-0
diff --git a/helm_charts/mdss/values.yaml b/helm_charts/mdss/values.yaml
index def85a6..3a4450e 100644
--- a/helm_charts/mdss/values.yaml
+++ b/helm_charts/mdss/values.yaml
@@ -150,7 +150,7 @@ ONBOARDING_FULL_NAME: null # Full name of user that will be created
# If a component has "custom_repo: true" then the image name will be formated as "{docker_repo/}image_name{:BRANCH}" otherwise it will remain unaltered
mdss_docker_repo: opswat
-imagePullPolicy: Always
+imagePullPolicy: IfNotPresent
mdss_config_map_env_name: 'mdss-env'
mdssHostAliases: # Custom hosts entries
@@ -168,6 +168,10 @@ mdss_components:
- port: 27017
persistentDir: /data/db
is_db: true
+ resources:
+ requests:
+ memory: "2Gi"
+ cpu: "0.5"
mongomigrations:
name: mongomigrations
@@ -176,6 +180,10 @@ mdss_components:
ports:
- port: 27777
persistentDir: /backup
+ resources:
+ requests:
+ memory: "0.125Gi"
+ cpu: "0.010"
rabbitmq:
name: rabbitmq
@@ -192,6 +200,10 @@ mdss_components:
value: /data/rabbitmq/advanced.config
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.5Gi"
+ cpu: "0.5"
redis:
name: redis
@@ -200,6 +212,10 @@ mdss_components:
- port: 6379
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.125Gi"
+ cpu: "0.100"
licensingservice:
name: licensingservice
@@ -209,6 +225,10 @@ mdss_components:
- port: 5000
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.125Gi"
+ cpu: "0.010"
discoveryservice:
name: discoveryservice
@@ -218,7 +238,8 @@ mdss_components:
aws-type: fargate
resources:
requests:
- memory: "0.25Gi"
+ memory: "0.5Gi"
+ cpu: "1.000"
scanningservice:
name: scanningservice
@@ -229,6 +250,7 @@ mdss_components:
resources:
requests:
memory: "1Gi"
+ cpu: "0.500"
notificationservice:
name: notificationservice
@@ -239,6 +261,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "0.010"
jobdispatcher:
name: jobdispatcher
@@ -249,6 +272,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "0.050"
securitychecklistservice:
name: securitychecklistservice
@@ -256,6 +280,10 @@ mdss_components:
image: "mdcloudservices_security-checklist"
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.125Gi"
+ cpu: "0.010"
loadbalancerservice:
name: loadbalancerservice
@@ -266,6 +294,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "0.100"
loggingservice:
name: loggingservice
@@ -276,6 +305,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "0.050"
remediationsservice:
name: remediationsservice
@@ -283,6 +313,10 @@ mdss_components:
image: mdcloudservices_remediations
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice:
name: storagesservice
@@ -290,6 +324,10 @@ mdss_components:
image: mdcloudservices_storages
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
workflowmanagerservice:
name: workflowmanagerservice
@@ -297,6 +335,10 @@ mdss_components:
image: mdcloudservices_workflowmanager
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
apigateway:
name: apigateway
@@ -310,6 +352,10 @@ mdss_components:
- port: 80
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.5Gi"
+ cpu: "0.100"
webclient:
name: webclient
@@ -324,6 +370,10 @@ mdss_components:
subPath: default.conf
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
# ======================================= DEBUG MODULE ================================================
systemchecks:
@@ -352,6 +402,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "1.000"
remediationsservice-amazonsdk:
name: remediationsservice-amazonsdk
@@ -360,6 +411,10 @@ mdss_components:
image: mdcloudservices_remediationsamazonsdk
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice-amazonsdk:
name: storagesservice-amazonsdk
@@ -368,6 +423,10 @@ mdss_components:
image: mdcloudservices_storagesamazonsdk
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
# ======================================= AZUREBLOB MODULE ================================================
discoveryazureblobservice:
name: discoveryazureblobservice
@@ -379,6 +438,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "1.000"
remediationsservice-azureblob:
name: remediationsservice-azureblob
@@ -387,6 +447,10 @@ mdss_components:
image: mdcloudservices_remediationsazureblob
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice-azureblob:
name: storagesservice-azureblob
@@ -395,6 +459,10 @@ mdss_components:
image: mdcloudservices_storagesazureblob
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
# ======================================= ALIBABACLOUD MODULE ================================================
discoveryalibabacloudservice:
name: discoveryalibabacloudservice
@@ -406,6 +474,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "1.000"
remediationsservice-alibabacloud:
name: remediationsservice-alibabacloud
@@ -414,6 +483,10 @@ mdss_components:
image: mdcloudservices_remediationsalibabacloud
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice-alibabacloud:
name: storagesservice-alibabacloud
@@ -422,6 +495,10 @@ mdss_components:
image: mdcloudservices_storagesalibabacloud
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
# ======================================= GOOGLECLOUD MODULE ================================================
discoverygooglecloudservice:
name: discoverygooglecloudservice
@@ -433,6 +510,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "1.000"
remediationsservice-googlecloud:
name: remediationsservice-googlecloud
@@ -441,6 +519,10 @@ mdss_components:
image: mdcloudservices_remediationsgooglecloud
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice-googlecloud:
name: storagesservice-googlecloud
@@ -449,6 +531,10 @@ mdss_components:
image: mdcloudservices_storagesgooglecloud
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
# ======================================= BOX MODULE ================================================
discoveryboxservice:
name: discoveryboxservice
@@ -460,6 +546,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "1.000"
remediationsservice-box:
name: remediationsservice-box
@@ -468,6 +555,10 @@ mdss_components:
image: mdcloudservices_remediationsbox
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice-box:
name: storagesservice-box
@@ -476,6 +567,10 @@ mdss_components:
image: mdcloudservices_storagesbox
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
# ======================================= AZUREFILES MODULE ================================================
discoveryazurefilesservice:
name: discoveryazurefilesservice
@@ -487,6 +582,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "1.000"
remediationsservice-azurefiles:
name: remediationsservice-azurefiles
@@ -495,6 +591,10 @@ mdss_components:
image: mdcloudservices_remediationsazurefiles
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice-azurefiles:
name: storagesservice-azurefiles
@@ -503,6 +603,10 @@ mdss_components:
image: mdcloudservices_storagesazurefiles
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
# ======================================= SMB MODULE ================================================
discoverysmbservice:
name: discoverysmbservice
@@ -514,6 +618,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "1.000"
remediationsservice-smb:
name: remediationsservice-smb
@@ -522,6 +627,10 @@ mdss_components:
image: mdcloudservices_remediationssmb
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice-smb:
name: storagesservice-smb
@@ -530,6 +639,10 @@ mdss_components:
image: mdcloudservices_storagessmb
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
smbservice:
name: smbservice
@@ -540,6 +653,10 @@ mdss_components:
- port: 5002
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.5Gi"
+ cpu: "0.500"
# ======================================= ONEDRIVE MODULE ================================================
discoveryonedriveservice:
name: discoveryonedriveservice
@@ -551,6 +668,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "1.000"
remediationsservice-onedrive:
name: remediationsservice-onedrive
@@ -559,6 +677,10 @@ mdss_components:
image: mdcloudservices_remediationsonedrive
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice-onedrive:
name: storagesservice-onedrive
@@ -567,6 +689,10 @@ mdss_components:
image: mdcloudservices_storagesonedrive
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
# ======================================= SFTP MODULE ================================================
discoverysftpservice:
@@ -579,6 +705,7 @@ mdss_components:
resources:
requests:
memory: "0.25Gi"
+ cpu: "1.000"
remediationsservice-sftp:
name: remediationsservice-sftp
@@ -587,6 +714,10 @@ mdss_components:
image: mdcloudservices_remediationssftp
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.100"
storagesservice-sftp:
name: storagesservice-sftp
@@ -595,6 +726,10 @@ mdss_components:
image: mdcloudservices_storagessftp
extra_labels:
aws-type: fargate
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.010"
sftpservice:
name: sftpservice
@@ -608,3 +743,9 @@ mdss_components:
env:
- name: ASPNETCORE_URLS
value: http://+
+ resources:
+ requests:
+ memory: "0.25Gi"
+ cpu: "0.500"
+
+
diff --git a/metadefenderk8s.sh b/metadefenderk8s.sh
index d2ca69a..a44093f 100644
--- a/metadefenderk8s.sh
+++ b/metadefenderk8s.sh
@@ -413,7 +413,7 @@ function provisionAWS() {
askProceed
- terraform apply -auto-approve -var-file="variables/variables.tfvars" \
+ terraform apply -var-file="variables/variables.tfvars" \
-var="ACCESS_KEY_ID=$ACCESS_KEY_ID" \
-var="SECRET_ACCESS_KEY=$SECRET_ACCESS_KEY" \
-var="MD_CLUSTER_NAME=$cluster_name" \
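Review bot: The `terraform apply` command edited here still passes `SECRET_ACCESS_KEY` as a `-var=` argument, which puts the secret in the process argument list where other local users and process-accounting logs can read it; the Azure hunk does the same with `aks_service_principal_client_secret`. Terraform reads `TF_VAR_<name>` environment variables, so `export TF_VAR_SECRET_ACCESS_KEY="$SECRET_ACCESS_KEY"` before the call keeps it off the command line. Dropping `-auto-approve` also means the user confirms twice (once in `askProceed`, once at Terraform's prompt) and the script can no longer run unattended; a comment saying this is intended would help. The command continues past the end of the hunk.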
@@ -443,7 +443,7 @@ function provisionAzure() {
askProceed
- terraform apply -auto-approve \
+ terraform apply \
-var="aks_service_principal_app_id=$ARM_CLIENT_ID" \
-var="aks_service_principal_client_secret=$ARM_CLIENT_SECRET" \
-var="cluster_name=$cluster_name" \
@@ -478,7 +478,7 @@ function provisionGCP() {
askProceed
- terraform apply -auto-approve \
+ terraform apply \
-var="gcloud_json_key_path=$GCP_JSON_CREDENTIALS_PATH" \
-var="deploy_cloud_sql=$externalDB" \
-var="cloud_sql_user=$db_user" \
diff --git a/terraform/azure/outputs.tf b/terraform/azure/outputs.tf
index c90546b..c8ec71d 100644
--- a/terraform/azure/outputs.tf
+++ b/terraform/azure/outputs.tf
@@ -36,14 +36,14 @@ output "db_connections_string" {
}
output "db_server_fqdn_postgres" {
- value = "${var.deploy_postgres_db == "false" ? azurerm_postgresql_flexible_server.postgredb.*.fqdn[0] : null}"
+ value = var.deploy_postgres_db ? azurerm_postgresql_flexible_server.postgredb.*.fqdn[0] : null
sensitive = true
}
output "db_server_name_postgres" {
- value = "${var.deploy_postgres_db == "false" ? azurerm_postgresql_flexible_server.postgredb.*.name[0] : null}"
+ value = var.deploy_postgres_db ? azurerm_postgresql_flexible_server.postgredb.*.name[0] : null
sensitive = true
}
output "db_server_username_postgres" {
- value = "${var.deploy_postgres_db == "false" ? azurerm_postgresql_flexible_server.postgredb.*.administrator_login[0] : null}"
+ value = var.deploy_postgres_db ? azurerm_postgresql_flexible_server.postgredb.*.administrator_login[0] : null
sensitive = true
}
\ No newline at end of file
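Review bot: The three outputs still index a legacy splat, `azurerm_postgresql_flexible_server.postgredb.*.fqdn[0]`, behind a hand-written condition that has to stay in sync with the resource's `count`, which is defined outside this hunk. Assuming that count is driven by the same variable, `value = one(azurerm_postgresql_flexible_server.postgredb[*].fqdn)` yields null for the empty case without the conditional, and likewise for `name` and `administrator_login`. It is also worth confirming that `deploy_postgres_db` is declared as a bool, since the old code compared it with the string `"false"`.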