168 lines
4.1 KiB
YAML
168 lines
4.1 KiB
YAML
---
|
|
# Source: clamav/templates/configmap.yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: clamav
|
|
namespace: clamav
|
|
labels:
|
|
helm.sh/chart: clamav-0.1.0
|
|
app.kubernetes.io/name: clamav
|
|
app.kubernetes.io/instance: clamav
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/part-of: kubezero
|
|
data:
|
|
clamd.conf: |
|
|
LogTime yes
|
|
LogClean yes
|
|
LogSyslog no
|
|
LogVerbose no
|
|
LogFileMaxSize 0
|
|
LogFile /dev/stdout
|
|
DatabaseDirectory /var/lib/clamav
|
|
TCPSocket 3310
|
|
LocalSocket /run/clamav/clamd.sock
|
|
User clamav
|
|
ExitOnOOM yes
|
|
Foreground yes
|
|
MaxScanSize 100M
|
|
MaxFileSize 20M
|
|
|
|
# Close the connection when the data size limit is exceeded.
|
|
# The value should match your MTA's limit for a maximum attachment size.
|
|
# Default: 25M
|
|
StreamMaxLength 100M
|
|
|
|
# Maximum length the queue of pending connections may grow to.
|
|
# Default: 200
|
|
MaxConnectionQueueLength 100
|
|
|
|
# Maximum number of threads running at the same time.
|
|
# Default: 10
|
|
MaxThreads 4
|
|
|
|
# This option specifies how long to wait (in milliseconds) if the send buffer
|
|
# is full.
|
|
# Keep this value low to prevent clamd hanging.
|
|
#
|
|
# Default: 500
|
|
SendBufTimeout 500
|
|
|
|
freshclam.conf: |
|
|
LogTime yes
|
|
LogVerbose yes
|
|
NotifyClamd /etc/clamav/clamd.conf
|
|
Checks 24
|
|
LogSyslog no
|
|
DatabaseOwner root
|
|
DatabaseMirror database.clamav.net
|
|
---
|
|
# Source: clamav/templates/service.yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: clamav
|
|
namespace: clamav
|
|
labels:
|
|
helm.sh/chart: clamav-0.1.0
|
|
app.kubernetes.io/name: clamav
|
|
app.kubernetes.io/instance: clamav
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/part-of: kubezero
|
|
spec:
|
|
ports:
|
|
- port: 3310
|
|
targetPort: 3310
|
|
protocol: TCP
|
|
name: clamav
|
|
selector:
|
|
app.kubernetes.io/name: clamav
|
|
app.kubernetes.io/instance: clamav
|
|
---
|
|
# Source: clamav/templates/clamav.yaml
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: clamav
|
|
namespace: clamav
|
|
labels:
|
|
helm.sh/chart: clamav-0.1.0
|
|
app.kubernetes.io/name: clamav
|
|
app.kubernetes.io/instance: clamav
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/part-of: kubezero
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: clamav
|
|
app.kubernetes.io/instance: clamav
|
|
serviceName: clamav
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: clamav
|
|
app.kubernetes.io/instance: clamav
|
|
annotations:
|
|
checksum/config: 461412fe732118123a89af8c9a06380a9547b63aa117fa7b338e347aa4b3d8e9
|
|
spec:
|
|
containers:
|
|
- name: clamav
|
|
image: "clamav/clamav:unstable_base"
|
|
ports:
|
|
- containerPort: 3310
|
|
name: clamav
|
|
protocol: TCP
|
|
# Give clamav up to 300s to get CVDs in place etc.
|
|
startupProbe:
|
|
exec:
|
|
command:
|
|
- /usr/local/bin/clamdcheck.sh
|
|
failureThreshold: 30
|
|
periodSeconds: 10
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- /usr/local/bin/clamdcheck.sh
|
|
failureThreshold: 2
|
|
periodSeconds: 30
|
|
successThreshold: 1
|
|
timeoutSeconds: 3
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- /usr/local/bin/clamdcheck.sh
|
|
initialDelaySeconds: 90
|
|
failureThreshold: 2
|
|
periodSeconds: 30
|
|
successThreshold: 1
|
|
timeoutSeconds: 3
|
|
resources:
|
|
limits:
|
|
cpu: 1500m
|
|
ephemeral-storage: 1000M
|
|
memory: 2000M
|
|
requests:
|
|
cpu: 300m
|
|
ephemeral-storage: 500M
|
|
memory: 1300M
|
|
volumeMounts:
|
|
- mountPath: /var/lib/clamav
|
|
name: signatures
|
|
- mountPath: /etc/clamav
|
|
name: config-volume
|
|
#securityContext:
|
|
# runAsNonRoot: true
|
|
volumes:
|
|
- name: config-volume
|
|
configMap:
|
|
name: clamav
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: signatures
|
|
spec:
|
|
accessModes: [ "ReadWriteOnce" ]
|
|
resources:
|
|
requests:
|
|
storage: 2Gi
|