Procedure
- Create secrets with the registration token (replace your-v1-registration-token using
your v1-registration token):
kubectl create namespace visionone-filesecurity kubectl create secret generic token-secret --from-literal=registration-token="_your-v1-registration-token_" -n visionone-filesecurity kubectl create secret generic device-token-secret -n visionone-filesecurity
- Get secrets using following command: (should include two secrets
token-secretanddevice-token-secret)kubectl get secret -n visionone-filesecurity
- Download the Helm chart containing the scanner from the GitHub repository:
helm repo add visionone-filesecurity https://trendmicro.github.io/visionone-file-security-helm/ helm repo update
- If you wish you can verify that the helm chart has been signed and is valid:Download the public key file and import
curl -o public-key.asc https://trendmicro.github.io/visionone-file-security-helm/public-key.asc gpg --import public-key.asc
WARNING
The GnuPG v2 stores your secret keyring using a new format kbx on the default location ~/.gnupg/pubring.kbx. Please use the following command to convert your keyring to the legacy gpg format (Reference: Helm Provenance and Integrity)Verify that the chart has been signed and is validhelm pull --verify visionone-filesecurity/visionone-filesecurity
- Install the Helm Chart:Install the chart with the release name
my-releasehelm install my-release visionone-filesecurity/visionone-filesecurity -n visionone-filesecurity
- Verify that the scanner is working using the CLI.
Note
If you installed an SDK instead of the CLI, you can also verify if the scanner is running using the installed SDK. For more information see File Security SDK- Port the service to your local machine:
# Forward the ICAP port to your local machine kubectl port-forward -n visionone-filesecurity svc/my-releasevisionone-filesecurity-scanner 1344:1344./tmfs scan file:./eicar.com.txt --tls=false --endpoint=my-release-visionone-filesecurity-scanner:50051
- In a separate terminal, install the ICAP client and test the connection:
# Install c-icap-client (if not already installed) sudo apt-get install c-icap # Test file scanning c-icap-client -i localhost -p 1344 -s scan -v -f sample.txt -x "Xscan-file-name: sample.txt"
- Port the service to your local machine:
- Expose the ICAP Scanner Service using a Kubernetes loadBalance service.For detailed, step-by-step instructions, refer to the appropriate guide for yourdeployment: