NAS-121539 / 23.10 / Add ClamAV to community train (#1139)

* add clamav

* add initial clamav

* update readmes

* move to community

* no need for hostnet

* change image

* remove redundant group

* add email

* bump common

* add metadata
Stavros Kois
2023-05-09 14:07:05 +03:00
committed by GitHub
parent 2bf1b636d5
commit c0e65e77b3
18 changed files with 478 additions and 0 deletions


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../common
version: 1.0.6
digest: sha256:2f1f31c15fb7f92db141a66adbb8d23a8598727730050a3883a211763a4e5472
generated: "2023-04-28T16:05:12.034666174+03:00"


@@ -0,0 +1,26 @@
name: clamav
description: ClamAV is an open source (GPLv2) anti-virus toolkit.
annotations:
title: Clam AV
type: application
version: 1.0.0
apiVersion: v2
appVersion: '1.0.1'
kubeVersion: '>=1.16.0-0'
maintainers:
- name: truenas
url: https://www.truenas.com/
email: dev@ixsystems.com
dependencies:
- name: common
repository: file://../../../common
version: 1.0.6
home: https://www.clamav.net/
icon: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png
sources:
- https://docs.clamav.net/
- https://github.com/truenas/charts/tree/master/community/clamav
- https://www.clamav.net/
keywords:
- anti-virus
- clamav


@@ -0,0 +1,5 @@
# ClamAV
[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
- App runs as `root` user


@@ -0,0 +1,5 @@
# ClamAV
[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
- App runs as `root` user


@@ -0,0 +1,7 @@
clamavStorage:
sigdb:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/sig-db
scandir:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/scan-dir


@@ -0,0 +1,10 @@
clamavStorage:
sigdb:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/sig-db
scandir:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/scan-dir
clamavConfig:
disableMilterd: false


@@ -0,0 +1,10 @@
clamavStorage:
sigdb:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/sig-db
scandir:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/scan-dir
clamavConfig:
disableClamd: true


@@ -0,0 +1,10 @@
clamavStorage:
sigdb:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/sig-db
scandir:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/scan-dir
clamavConfig:
disableFreshClamd: true


@@ -0,0 +1,4 @@
icon_url: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png
categories:
- anti-virus
- clamav


@@ -0,0 +1,18 @@
runAsContext:
- userName: root
groupName: root
gid: 0
uid: 0
description: ClamAV runs as root user.
capabilities:
- name: CHOWN
description: ClamAV is able to chown files.
- name: FOWNER
description: ClamAV is able bypass permission checks for it's sub-processes.
- name: DAC_OVERRIDE
description: ClamAV is able to bypass permission checks.
- name: SETGID
description: ClamAV is able to set group ID for it's sub-processes.
- name: SETUID
description: ClamAV is able to set user ID for it's sub-processes.
hostMounts: []


@@ -0,0 +1,208 @@
groups:
- name: ClamAV Configuration
description: Configure ClamAV
- name: Network Configuration
description: Configure Network for ClamAV
- name: Storage Configuration
description: Configure Storage for ClamAV
- name: Resources Configuration
description: Configure Resources for ClamAV
questions:
- variable: clamavConfig
label: ""
group: ClamAV Configuration
schema:
type: dict
attrs:
- variable: disableClamd
label: Disable ClamD
description: Do not start Clam daemon
schema:
type: boolean
default: false
- variable: disableFreshClamd
label: Disable FreshClamD
description: Do not start the FreshClam daemon
schema:
type: boolean
default: false
- variable: disableMilterd
label: Disable MilterD
description: Do not start the ClamAV-Milter daemon
schema:
type: boolean
default: true
- variable: clamdStartupTimeout
label: ClamD Startup Timeout
description: Seconds to wait for ClamD to start
schema:
type: int
default: 1800
required: true
- variable: freshclamChecks
label: Fresh Clam Checks
description: Times to check per day for a new database.
schema:
type: int
default: 1
min: 1
max: 50
required: true
- variable: additionalEnvs
label: Additional Environment Variables
description: Configure additional environment variables for ClamAV.
schema:
type: list
default: []
items:
- variable: env
label: Environment Variable
schema:
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
- variable: clamavNetwork
label: ""
group: Network Configuration
schema:
type: dict
attrs:
- variable: clamdPort
label: ClamD Port
description: The port for the ClamAV ClamD
schema:
type: int
default: 30000
min: 9000
max: 65535
required: true
- variable: milterdPort
label: MilterD Port
description: The port for the ClamAV MilterD
schema:
type: int
default: 30001
min: 9000
max: 65535
required: true
- variable: clamavStorage
label: ""
group: Storage Configuration
schema:
type: dict
attrs:
- variable: sigdb
label: ClamAV Signature Database Storage
description: The path to store ClamAV Signature Database.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: sig-db
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: scandir
label: ClamAV Scan Storage
description: The path to store ClamAV Scan storage.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: scan-dir
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: resources
label: ""
group: Resources Configuration
schema:
type: dict
attrs:
- variable: limits
label: Limits
schema:
type: dict
attrs:
- variable: cpu
label: CPU
description: CPU limit for ClamAV.
schema:
type: string
default: 4000m
required: true
- variable: memory
label: Memory
description: Memory limit for ClamAV.
schema:
type: string
default: 8Gi
required: true
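Review bot: The `clamdPort` and `milterdPort` descriptions do not tell the operator that these ports are published on the host, yet the workload template on this page creates the service with `type: NodePort` and ClamD is enabled by default. As far as I know, ClamD's TCP listener has no authentication or encryption of its own, so anyone who can reach the node on that port can talk to the scanner. The description should say so, for example `description: Node port that exposes ClamD on the host. ClamD's TCP socket is unauthenticated; restrict access to trusted networks.` Also, `clamdStartupTimeout` has no `min`, so zero or a negative value passes validation; adding `min: 1` would bound it the way `freshclamChecks` already is.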


@@ -0,0 +1 @@
{{ include "ix.v1.common.lib.chart.notes" $ }}


@@ -0,0 +1,99 @@
{{- define "clamav.workload" -}}
workload:
clamav:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: false
containers:
clamav:
enabled: true
primary: true
tty: true
stdin: true
imageSelector: image
securityContext:
# FIXME: https://github.com/Cisco-Talos/clamav/issues/478
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
env:
CLAMAV_NO_CLAMD: {{ .Values.clamavConfig.disableClamd | quote }}
CLAMAV_NO_FRESHCLAMD: {{ .Values.clamavConfig.disableFreshClamd | quote }}
CLAMAV_NO_MILTERD: {{ .Values.clamavConfig.disableMilterd | quote }}
CLAMD_STARTUP_TIMEOUT: {{ .Values.clamavConfig.clamdStartupTimeout | quote }}
FRESHCLAM_CHECKS: {{ .Values.clamavConfig.freshclamChecks | quote }}
{{ with .Values.clamavConfig.additionalEnvs }}
envList:
{{ range $env := . }}
- name: {{ $env.name }}
value: {{ $env.value }}
{{ end }}
{{ end }}
probes:
liveness:
enabled: {{ not .Values.clamavConfig.disableClamd }}
type: exec
command: clamdcheck.sh
readiness:
enabled: {{ not .Values.clamavConfig.disableClamd }}
type: exec
command: clamdcheck.sh
startup:
enabled: {{ not .Values.clamavConfig.disableClamd }}
type: exec
command: clamdcheck.sh
{{/* Service */}}
service:
clamav:
enabled: {{ or (not .Values.clamavConfig.disableClamd) (not .Values.clamavConfig.disableMilterd) }}
primary: true
type: NodePort
targetSelector: clamav
ports:
clamd:
enabled: {{ not .Values.clamavConfig.disableClamd }}
primary: true
port: {{ .Values.clamavNetwork.clamdPort }}
nodePort: {{ .Values.clamavNetwork.clamdPort }}
targetPort: 3310
targetSelector: clamav
milted:
enabled: {{ not .Values.clamavConfig.disableMilterd }}
primary: {{ .Values.clamavConfig.disableClamd }}
port: {{ .Values.clamavNetwork.milterdPort }}
nodePort: {{ .Values.clamavNetwork.milterdPort }}
targetPort: 7357
targetSelector: clamav
{{/* Persistence */}}
persistence:
data:
enabled: true
type: {{ .Values.clamavStorage.sigdb.type }}
datasetName: {{ .Values.clamavStorage.sigdb.datasetName | default "" }}
hostPath: {{ .Values.clamavStorage.sigdb.hostPath | default "" }}
targetSelector:
clamav:
clamav:
mountPath: /var/lib/clamav
scan-dir:
enabled: true
type: {{ .Values.clamavStorage.scandir.type }}
datasetName: {{ .Values.clamavStorage.scandir.datasetName | default "" }}
hostPath: {{ .Values.clamavStorage.scandir.hostPath | default "" }}
targetSelector:
clamav:
clamav:
mountPath: /scandir
{{- end -}}
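Review bot: The `envList` entries render `{{ $env.name }}` and `{{ $env.value }}` without `| quote`, unlike the fixed `env` keys just above them. These values come from the user-editable `additionalEnvs` list, and the rendered text is parsed again with `fromYaml` before being merged into the values, so an entry such as `true`, `0644`, an empty string, or anything containing `: ` or ` #` is retyped, truncated, or changes the structure of the document. Use `- name: {{ $env.name | quote }}` and `value: {{ $env.value | quote }}`. The same applies to the unquoted `hostPath` and `datasetName` lines under `persistence`. Separately, the service port key `milted` looks like a typo for `milterd`.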


@@ -0,0 +1,6 @@
{{- include "ix.v1.common.loader.init" . -}}
{{/* Merge the templates with Values */}}
{{- $_ := mustMergeOverwrite .Values (include "clamav.workload" $ | fromYaml) -}}
{{- include "ix.v1.common.loader.apply" . -}}


@@ -0,0 +1 @@
{"filename": "values.yaml", "keys": ["image"]}


@@ -0,0 +1,31 @@
#!/usr/bin/python3
import json
import re
import sys
from catalog_update.upgrade_strategy import semantic_versioning
RE_STABLE_VERSION = re.compile(r'^[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?$')
def newer_mapping(image_tags):
key = list(image_tags.keys())[0]
tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)}
version = semantic_versioning(list(tags))
if not version:
return {}
return {
'tags': {key: tags[version]},
'app_version': version,
}
if __name__ == '__main__':
try:
versions_json = json.loads(sys.stdin.read())
except ValueError:
raise ValueError('Invalid json specified')
print(json.dumps(newer_mapping(versions_json)))
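Review bot: `newer_mapping` takes `list(image_tags.keys())[0]` without checking that the parsed input has any key, so `{}` on stdin ends in an `IndexError` instead of the empty mapping that is returned when no tag matches. A guard at the top of the function, `if not image_tags: return {}`, would keep both "nothing to upgrade" paths consistent. The function also has no docstring; a one-line comment noting that only tags matching `RE_STABLE_VERSION` are considered, and that only the first image key is read, would help.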


@@ -0,0 +1,31 @@
image:
repository: clamav/clamav
pullPolicy: IfNotPresent
tag: '1.0.1-2'
resources:
limits:
cpu: 4000m
memory: 8Gi
clamavConfig:
disableClamd: false
disableFreshClamd: false
disableMilterd: true
clamdStartupTimeout: 1800
freshclamChecks: 1
additionalEnvs: []
clamavNetwork:
clamdPort: 30000
milterdPort: 30001
clamavStorage:
sigdb:
type: ixVolume
hostPath: ''
datasetName: sig-db
scandir:
type: ixVolume
hostPath: ''
datasetName: scan-dir