diff --git a/charts/stable/clamav/Chart.yaml b/charts/stable/clamav/Chart.yaml index e7506e60fe7..2412db71c9c 100644 --- a/charts/stable/clamav/Chart.yaml +++ b/charts/stable/clamav/Chart.yaml @@ -21,7 +21,7 @@ sources: - https://hub.docker.com/r/clamav/clamav - https://docs.clamav.net/ type: application -version: 2.0.7 +version: 2.1.0 annotations: truecharts.org/catagories: | - utilities diff --git a/charts/stable/clamav/questions.yaml b/charts/stable/clamav/questions.yaml index f118c5a4568..ac965dd2419 100644 --- a/charts/stable/clamav/questions.yaml +++ b/charts/stable/clamav/questions.yaml 
@@ -92,6 +92,58 @@ questions: schema: type: int default: 1 + - variable: clamav + group: "Container Configuration" + label: "ClamAV Cron Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cron_enabled + label: "Enable cronjob" + description: "Enables automatic scan for /scandir" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: cron_schedule + label: "Cron Schedule" + description: "Enter a valid cron schedule" + schema: + type: string + default: "@daily" + required: true + - variable: log_file_name + label: "Log File Name" + description: "Log file name for the scan report. You will find this report in /logs/FILENAME_DATEFORMAT" + schema: + type: string + default: "clamscan_report" + required: true + - variable: date_format + label: "Date Format" + description: "Date format for the log file" + schema: + type: string + default: "MM-DD-YYYY_HH.MM.SS" + required: true + enum: + - value: "+%m-%d-%Y_%H.%M.%S" + description: "MM-DD-YYYY_HH.MM.SS" + - value: "+%Y-%m-%d_%H.%M.%S" + description: "YYYY-MM-DD_HH.MM.SS" + - value: "+%H.%M.%S_%m-%d-%Y" + description: "HH.MM.SS_MM-DD-YYYY" + - value: "+%H.%M.%S_%Y-%m-%d" + description: "HH.MM.SS_YYYY-MM-DD" + - variable: extra_args + label: "Extra Args" + description: "Set extra args for clamscan here. (https://linux.die.net/man/1/clamscan). We already set --log, --database and --recursive. Do not add those here." + schema: + type: string + default: "" + # Include{containerConfig} 
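Review bot: The `date_format` question sets `default: "MM-DD-YYYY_HH.MM.SS"`, which is the display text of the first enum entry, not one of the allowed `value` strings. If the UI passes that default through, the script in `_cronjob.tpl` would call `date` without the leading `+` format marker and the report name would presumably lose its timestamp. The default should be `default: "+%m-%d-%Y_%H.%M.%S"`, the same string `values.yaml` uses. The `extra_args` description could also state that the text is split on whitespace and handed to `clamscan` unchanged, so an argument containing a space will not survive. The `questions:` list starts and continues outside this hunk.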
@@ -295,7 +347,50 @@ questions: # Include{persistenceAdvanced} - variable: scandir label: "App Scan Dir Storage" - description: "Stores the Application Scan Directory." + description: "Stores the Application Scan Directory. (By default set to readOnly)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" +# Include{persistenceBasic} + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" +# Include{persistenceAdvanced} + - variable: logs + label: "App Logs Storage" + description: "Stores the Application Logs." schema: additional_attrs: true type: dict diff --git a/charts/stable/clamav/templates/_cronjob.tpl b/charts/stable/clamav/templates/_cronjob.tpl new file mode 100644 index 00000000000..c74a24cb69d --- /dev/null +++ b/charts/stable/clamav/templates/_cronjob.tpl 
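Review bot: The `hostPath` attribute under `scandir` is described as `"Path inside the container the storage is mounted"`, but it has `type: hostpath` and is shown only when `type` is `hostPath`, so it selects the directory on the host rather than the mount point in the container. Something like `description: "Host path to mount as the scan directory"` would match what the field does. The new top-level description says the scan dir is read-only by default, yet no `readOnly` attribute is visible in this hunk. It is worth confirming that `# Include{persistenceBasic}` exposes it, since that flag is what keeps a scan run with file-modifying `extra_args` from altering a host directory.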
@@ -0,0 +1,85 @@ +{{/* Define the cronjob */}} +{{- define "clamav.cronjob" -}} +{{- $jobName := include "common.names.fullname" . }} + +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ printf "%s-cronjob" $jobName }} + labels: + {{- include "common.labels" . | nindent 4 }} +spec: + schedule: "{{ .Values.clamav.cron_schedule }}" + concurrencyPolicy: Forbid + {{- with .Values.cronjob.failedJobsHistoryLimit }} + failedJobsHistoryLimit: {{ . }} + {{- end }} + {{- with .Values.cronjob.successfulJobsHistoryLimit }} + successfulJobsHistoryLimit: {{ . }} + {{- end }} + jobTemplate: + metadata: + spec: + template: + metadata: + spec: + restartPolicy: Never + {{- with (include "common.controller.volumes" . | trim) }} + volumes: + {{- nindent 12 . }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: date_format + value: {{ .Values.clamav.date_format }} + - name: log_file_name + value: {{ .Values.clamav.log_file_name }} + - name: report_path + value: {{ .Values.clamav.report_path | trimSuffix "/" }} + - name: extra_args + value: {{ .Values.clamav.extra_args }} + command: ["sh", "-c"] + args: + - > + export databasePath=/var/lib/clamav; + if [ "$(ls -A $databasePath)" ]; + then + echo "Virus database exists..."; + else + echo "Virus database does not exist yet..."; + echo "Exiting..."; + exit 1; + fi; + export status=99; + export now=$(date ${date_format}); + export log_file=$report_path/${log_file_name}_${now}; + touch $log_file; + echo "Starting scan of \"/scandir\""; + echo "Args for clamscan: --database=${databasePath} --log=$log_file --recursive ${extra_args}"; + clamscan --database=${databasePath} --log=$log_file --recursive ${extra_args} /scandir; + status=$?; + if [ $status -eq 0 ]; + then + echo "Exit Status: $status"; + echo "No Virus found!"; + elif [ $status -eq 1]; + then + echo "Exit Status: $status."; + echo "Virus(es) found. 
Check \"${log_file}\"."; + elif [ $status -eq 2]; + then + echo "Exit Status: $status."; + echo "Some error(s) occured."; + else + echo "Exit Status: $status."; + fi; + {{- with (include "common.controller.volumeMounts" . | trim) }} + volumeMounts: + {{ nindent 16 . }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 16 }} +{{- end -}} diff --git a/charts/stable/clamav/templates/common.yaml b/charts/stable/clamav/templates/common.yaml index a6613c2ce21..2a6d613a928 100644 --- a/charts/stable/clamav/templates/common.yaml +++ b/charts/stable/clamav/templates/common.yaml @@ -1 +1,10 @@ -{{ include "common.all" . }} +{{/* Make sure all variables are set properly */}} +{{- include "common.setup" . }} + +{{- if and .Values.clamav.cron_enabled .Values.clamav.cron_schedule}} +{{/* Render cronjob for clamav */}} +{{- include "clamav.cronjob" . }} +{{- end -}} + +{{/* Render the templates */}} +{{ include "common.postSetup" . }} diff --git a/charts/stable/clamav/values.yaml b/charts/stable/clamav/values.yaml index bf9ada51d44..483b3fa0553 100644 --- a/charts/stable/clamav/values.yaml +++ b/charts/stable/clamav/values.yaml @@ -11,6 +11,22 @@ securityContext: readOnlyRootFilesystem: false runAsNonRoot: false +env: + CLAMAV_NO_CLAMD: false + CLAMAV_NO_FRESHCLAMD: false + CLAMAV_NO_MILTERD: true + CLAMD_STARTUP_TIMEOUT: 1800 + FRESHCLAM_CHECKS: 1 + +clamav: + report_path: "/logs" + # User Defined + cron_enabled: true + cron_schedule: "* * * * *" + date_format: "+%m-%d-%Y_%H.%M.%S" + log_file_name: "clamscan_report" + extra_args: "" + probes: liveness: enabled: true @@ -19,10 +35,6 @@ probes: exec: command: - clamdcheck.sh - initialDelaySeconds: 15 - periodSeconds: 30 - failureThreshold: 10 - timeoutSeconds: 1 readiness: enabled: true custom: true @@ -30,10 +42,6 @@ probes: exec: command: - clamdcheck.sh - initialDelaySeconds: 15 - periodSeconds: 30 - failureThreshold: 10 - timeoutSeconds: 1 startup: enabled: true custom: true 
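Review bot: The two `elif` tests in the scan script, `[ $status -eq 1]` and `[ $status -eq 2]`, have no space before `]`, so `[` fails with a missing-bracket error and both branches are unreachable; a scan that finds malware falls through to the final `else` and prints only the exit status. They should read `elif [ "$status" -eq 1 ];` and `elif [ "$status" -eq 2 ];`. Because the script's last command is an `echo`, the Job completes successfully whatever `clamscan` returned, which leaves that log line as the only signal of a detection. The four `env` values are also rendered unquoted (`value: {{ .Values.clamav.extra_args }}`), so an empty, numeric or `key: value`-shaped input changes the YAML type or structure; `value: {{ .Values.clamav.extra_args | quote }}`, and the same for the other three, avoids that. The container spec sets no `securityContext`, so the scan presumably runs as the image's default user.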
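Review bot: The new `clamav:` defaults ship with `cron_enabled: true` and `cron_schedule: "* * * * *"`, so any install that relies on `values.yaml` defaults would start a recursive scan of `/scandir` every minute and write a new report file to `/logs` each time; these look like leftover test values. `questions.yaml` in the same commit defaults to disabled and `@daily`, so `cron_enabled: false` and `cron_schedule: "@daily"` would keep the two in agreement. `report_path: "/logs"` also has to stay equal to `persistence.logs.mountPath`, otherwise reports would land on the container's own filesystem. A comment such as `# must match persistence.logs.mountPath` next to it would make that coupling visible.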
@@ -41,10 +49,6 @@ probes: exec: command: - clamdcheck.sh - initialDelaySeconds: 15 - periodSeconds: 30 - failureThreshold: 10 - timeoutSeconds: 1 service: main: @@ -60,12 +64,10 @@ service: port: 7357 targetPort: 7357 -env: - CLAMAV_NO_CLAMD: false - CLAMAV_NO_FRESHCLAMD: false - CLAMAV_NO_MILTERD: true - CLAMD_STARTUP_TIMEOUT: 1800 - FRESHCLAM_CHECKS: 1 +cronjob: + annotations: {} + failedJobsHistoryLimit: 5 + successfulJobsHistoryLimit: 2 persistence: sigdatabase: @@ -75,3 +77,6 @@ persistence: enabled: true mountPath: "/scandir" readOnly: true + logs: + enabled: true + mountPath: "/logs"
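Review bot: `cronjob.annotations` is introduced in the `@@ -60,12 +64,10 @@` hunk, but the CronJob template in `_cronjob.tpl` renders only `name` and `labels` under `metadata`, so the key has no effect as committed; either drop it or render it in the template. The two history limits are read with `{{- with ... }}`, which skips the field when the value is `0`, so `failedJobsHistoryLimit: 0` would silently fall back to the Kubernetes default instead of keeping no history. A comment such as `# 0 is ignored by the template; the Kubernetes default applies` on these keys, or a `hasKey` check in the template, would cover it.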