--- # Source: clamav/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: clamav namespace: clamav labels: helm.sh/chart: clamav-0.1.0 app.kubernetes.io/name: clamav app.kubernetes.io/instance: clamav app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubezero data: clamd.conf: | LogTime yes LogClean yes LogSyslog no LogVerbose no LogFileMaxSize 0 LogFile /dev/stdout DatabaseDirectory /var/lib/clamav TCPSocket 3310 LocalSocket /run/clamav/clamd.sock User clamav ExitOnOOM yes Foreground yes MaxScanSize 100M MaxFileSize 20M # Close the connection when the data size limit is exceeded. # The value should match your MTA's limit for a maximum attachment size. # Default: 25M StreamMaxLength 100M # Maximum length the queue of pending connections may grow to. # Default: 200 MaxConnectionQueueLength 100 # Maximum number of threads running at the same time. # Default: 10 MaxThreads 4 # This option specifies how long to wait (in milliseconds) if the send buffer # is full. # Keep this value low to prevent clamd hanging. # # Default: 500 SendBufTimeout 500 freshclam.conf: | LogTime yes LogVerbose yes NotifyClamd /etc/clamav/clamd.conf Checks 24 LogSyslog no DatabaseOwner root DatabaseMirror database.clamav.net --- # Source: clamav/templates/service.yaml apiVersion: v1 kind: Service metadata: name: clamav namespace: clamav labels: helm.sh/chart: clamav-0.1.0 app.kubernetes.io/name: clamav app.kubernetes.io/instance: clamav app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubezero spec: ports: - port: 3310 targetPort: 3310 protocol: TCP name: clamav selector: app.kubernetes.io/name: clamav app.kubernetes.io/instance: clamav --- # Source: clamav/templates/clamav.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: clamav namespace: clamav labels: helm.sh/chart: clamav-0.1.0 app.kubernetes.io/name: clamav app.kubernetes.io/instance: clamav app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubezero spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: clamav app.kubernetes.io/instance: clamav serviceName: clamav template: metadata: labels: app.kubernetes.io/name: clamav app.kubernetes.io/instance: clamav annotations: checksum/config: 461412fe732118123a89af8c9a06380a9547b63aa117fa7b338e347aa4b3d8e9 spec: containers: - name: clamav image: "clamav/clamav:unstable_base" ports: - containerPort: 3310 name: clamav protocol: TCP # Give clamav up to 300s to get CVDs in place etc. startupProbe: exec: command: - /usr/local/bin/clamdcheck.sh failureThreshold: 30 periodSeconds: 10 livenessProbe: exec: command: - /usr/local/bin/clamdcheck.sh failureThreshold: 2 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 3 readinessProbe: exec: command: - /usr/local/bin/clamdcheck.sh initialDelaySeconds: 90 failureThreshold: 2 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 3 resources: limits: cpu: 1500m ephemeral-storage: 1000M memory: 2000M requests: cpu: 300m ephemeral-storage: 500M memory: 1300M volumeMounts: - mountPath: /var/lib/clamav name: signatures - mountPath: /etc/clamav name: config-volume #securityContext: # runAsNonRoot: true volumes: - name: config-volume configMap: name: clamav volumeClaimTemplates: - metadata: name: signatures spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 2Gi