Modify the deploy script to use your own cluster and certificates as needed. If you don’t require self-signed certs, you
can remove the entire portion with openssl and jump directly to adding your certificates as Kubernetes secrets.
Check
deployment.yaml and place the real apikey (if you plan to use MetaDefender Cloud), or just remove that
environment variable entirely if it is not going to be used. You can also set the apikey in the config file, if you prefer to
have it hardcoded in the container image, instead of passing it as an environment variable.
Kubernetes
First, you’re required to build a container. There’s a Dockerfile in the repo, that you can use to build the container and
push it to your registry.
Once you have it, you will have to modify deployment.yaml and specify your own container image.
Also, check the deploy.sh script. It was built specifically for Google Cloud to leverage GKE (Google Kubernetes En-
gine). But it can be easilyadapted to run in any Kubernetes supported environment.
The GCP specific part is building the cluster and (if needed) the static IP.
Integration with MetaDefender Cloud
For MetaDefender Cloud you’ll just need to grab the apikey from portal.opswat.com
or metadefender.opswat.com/account.
Set that apikey in the config file (or pass it as an environment variable) and set the integration type to cloud - and you
are done.
There aren’t any configurations required on the MetaDefender Cloud side. The integration will automatically call
MetaDefender Cloud API with sanitization rule enabled.
Integration with MetaDefender Core
In the config.yml you need to specify that the middleware will connect to MetaDefender Core by setting
api.type: core and specifying the correct path to MetaDefender Core REST API in url.core.
Other than that, you can rely on the existing Workflow Rule in MetaDefender Core. It is recommended to enable the
following:
• Archive processing: this will increase the detection ratio, including for productivity files (Docx, Xlsx, etc.).
• Multiscanning: you can configure the maximum allowed file size for scanning and additional parameters for the
scanning process.
• Deep CDR: we strongly recommend to check “Enable for all file types” and “Block files if sanitization fails or
times out” (high probability that the failure is caused by invalid file structure):