Views:

Procedure

  1. Create secrets with the registration token.
    Create secrets using the following commands: (replace _your-v1-registration-token_ using your v1-registration token): 
    kubectl create namespace visionone-filesecurity
kubectl create secret generic token-secret --from-literal=registration-token="_your-v1-registration-token_" -n visionone-filesecurity
kubectl create secret generic device-token-secret -n visionone-filesecurity
  2. Validate the serests:
    Get secrets using following command: (should include two secrets token-secret and device-token-secret)
    kubectl get secret -n visionone-filesecurity
  3. Download the Helm chart containing the scanner from the GitHub repository:
    helm repo add visionone-filesecurity https://trendmicro.github.io/visionone-file-security-helm/
helm repo update
  4. If you wish you can verify that the helm chart has been signed and is valid:
    Download the public key file and import
    curl -o public-key.asc https://trendmicro.github.io/visionone-file-security-helm/public-key.asc
gpg --import public-key.asc
    WARNING
    WARNING
    The GnuPG v2 stores your secret keyring using a new format kbx on the default location ~/.gnupg/pubring.kbx. Please use the following command to convert your keyring to the legacy gpg format (Reference: Helm Provenance and Integrity)
    Verify that the chart has been signed and is valid
    helm pull --verify visionone-filesecurity/visionone-filesecurity
  5. Install the Helm Chart:
    Install the chart with the release name my-release
    helm install my-release visionone-filesecurity/visionone-filesecurity -n visionone-filesecurity
  6. Download and install a File Security SDK or the File Security CLI.
    You need to install the SDK or CLI to retrieve the scan results from the scanner. For more information on installing the SDKs and CLI, see:
  7. Verify that the scanner is working using the CLI.
    Note
    Note
    If you installed an SDK instead of the CLI, you can also verify if the scanner is running using the installed SDK. For more information see File Security SDK
    1. Scan file from another pod using Trend Micro File Security CLI with service name as endpoint:
      ./tmfs scan file:./eicar.com.txt --tls=false --endpoint=my-release-visionone-filesecurity-scanner:50051