feat(clamav): cron (#2294)

* feat(clamav): cron

* cronjob values

* fix string

* test false also

* test

* whoops

* test run

* test false

* test

* test

* ..

* volumes

* tet

* sh

* date-format

* root

* secCont

* log to /logs

* wait for clamd

* wait

* ping and wait

* fi

* start clamd

* use clamscan and test extra_args

* faster

* sched

* typo

* no clamd

* sleep

* check db

* check if db exists yet

* failing probes

* 1st working example

* no extra args

* check @daily works

* check extra args

* print args also

* faster

* no extrra args

* fix probes and log some more things

* date_format default

* gui logs

* gui
Stavros Kois 2022-03-27 01:16:14 +02:00 committed by GitHub
parent a35f6825e1
commit 79afeedc66
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 215 additions and 21 deletions


@ -21,7 +21,7 @@ sources:
- https://hub.docker.com/r/clamav/clamav
- https://docs.clamav.net/
type: application
version: 2.0.7
version: 2.1.0
annotations:
truecharts.org/catagories: |
- utilities


@ -92,6 +92,58 @@ questions:
schema:
type: int
default: 1
- variable: clamav
group: "Container Configuration"
label: "ClamAV Cron Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: cron_enabled
label: "Enable cronjob"
description: "Enables automatic scan for /scandir"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: cron_schedule
label: "Cron Schedule"
description: "Enter a valid cron schedule"
schema:
type: string
default: "@daily"
required: true
- variable: log_file_name
label: "Log File Name"
description: "Log file name for the scan report. You will find this report in /logs/FILENAME_DATEFORMAT"
schema:
type: string
default: "clamscan_report"
required: true
- variable: date_format
label: "Date Format"
description: "Date format for the log file"
schema:
type: string
default: "MM-DD-YYYY_HH.MM.SS"
required: true
enum:
- value: "+%m-%d-%Y_%H.%M.%S"
description: "MM-DD-YYYY_HH.MM.SS"
- value: "+%Y-%m-%d_%H.%M.%S"
description: "YYYY-MM-DD_HH.MM.SS"
- value: "+%H.%M.%S_%m-%d-%Y"
description: "HH.MM.SS_MM-DD-YYYY"
- value: "+%H.%M.%S_%Y-%m-%d"
description: "HH.MM.SS_YYYY-MM-DD"
- variable: extra_args
label: "Extra Args"
description: "Set extra args for clamscan here. (https://linux.die.net/man/1/clamscan). We already set --log, --database and --recursive. Do not add those here."
schema:
type: string
default: ""
# Include{containerConfig}
@ -295,7 +347,50 @@ questions:
# Include{persistenceAdvanced}
- variable: scandir
label: "App Scan Dir Storage"
description: "Stores the Application Scan Directory."
description: "Stores the Application Scan Directory. (By default set to readOnly)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
- variable: logs
label: "App Logs Storage"
description: "Stores the Application Logs."
schema:
additional_attrs: true
type: dict
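Review bot: The `date_format` question in the first hunk declares `default: "MM-DD-YYYY_HH.MM.SS"`, which is the description of the first enum entry rather than one of its values; every enum value is a `date` format string starting with `+`. If that default is ever submitted as-is, the cron script would call `date` without a `+` format and the log file name would presumably be wrong or the call would fail, so the default should be `default: "+%m-%d-%Y_%H.%M.%S"`, matching the chart's values file. Separately, `extra_args` is a free-form string that the cron script expands unquoted onto the clamscan command line, so its description should say the value is split on whitespace and cannot carry quoted arguments.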


@ -0,0 +1,85 @@
{{/* Define the cronjob */}}
{{- define "clamav.cronjob" -}}
{{- $jobName := include "common.names.fullname" . }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ printf "%s-cronjob" $jobName }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
schedule: "{{ .Values.clamav.cron_schedule }}"
concurrencyPolicy: Forbid
{{- with .Values.cronjob.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ . }}
{{- end }}
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ . }}
{{- end }}
jobTemplate:
metadata:
spec:
template:
metadata:
spec:
restartPolicy: Never
{{- with (include "common.controller.volumes" . | trim) }}
volumes:
{{- nindent 12 . }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
env:
- name: date_format
value: {{ .Values.clamav.date_format }}
- name: log_file_name
value: {{ .Values.clamav.log_file_name }}
- name: report_path
value: {{ .Values.clamav.report_path | trimSuffix "/" }}
- name: extra_args
value: {{ .Values.clamav.extra_args }}
command: ["sh", "-c"]
args:
- >
export databasePath=/var/lib/clamav;
if [ "$(ls -A $databasePath)" ];
then
echo "Virus database exists...";
else
echo "Virus database does not exist yet...";
echo "Exiting...";
exit 1;
fi;
export status=99;
export now=$(date ${date_format});
export log_file=$report_path/${log_file_name}_${now};
touch $log_file;
echo "Starting scan of \"/scandir\"";
echo "Args for clamscan: --database=${databasePath} --log=$log_file --recursive ${extra_args}";
clamscan --database=${databasePath} --log=$log_file --recursive ${extra_args} /scandir;
status=$?;
if [ $status -eq 0 ];
then
echo "Exit Status: $status";
echo "No Virus found!";
elif [ $status -eq 1];
then
echo "Exit Status: $status.";
echo "Virus(es) found. Check \"${log_file}\".";
elif [ $status -eq 2];
then
echo "Exit Status: $status.";
echo "Some error(s) occured.";
else
echo "Exit Status: $status.";
fi;
{{- with (include "common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 16 . }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 16 }}
{{- end -}}
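Review bot: The tests `elif [ $status -eq 1];` and `elif [ $status -eq 2];` lack the space before `]`, so `[` receives `1]` as an operand and fails with a missing-bracket error; the "Virus(es) found" and error branches never run and every non-zero result falls through to the bare `else`. They should read `elif [ $status -eq 1 ];` and `elif [ $status -eq 2 ];`. The script also ends on an `echo`, so the Job completes successfully whether clamscan found malware or errored; consider `exit $status;` after the final `fi;`, together with `backoffLimit: 0` on the job spec so a detection is recorded as a failed job without being rescanned. The four env `value:` lines are rendered unquoted, so an empty `extra_args` becomes a YAML null; `value: {{ .Values.clamav.extra_args | quote }}` (and likewise for the other three) avoids that.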


@ -1 +1,10 @@
{{ include "common.all" . }}
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{- if and .Values.clamav.cron_enabled .Values.clamav.cron_schedule}}
{{/* Render cronjob for clamav */}}
{{- include "clamav.cronjob" . }}
{{- end -}}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}


@ -11,6 +11,22 @@ securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
env:
CLAMAV_NO_CLAMD: false
CLAMAV_NO_FRESHCLAMD: false
CLAMAV_NO_MILTERD: true
CLAMD_STARTUP_TIMEOUT: 1800
FRESHCLAM_CHECKS: 1
clamav:
report_path: "/logs"
# User Defined
cron_enabled: true
cron_schedule: "* * * * *"
date_format: "+%m-%d-%Y_%H.%M.%S"
log_file_name: "clamscan_report"
extra_args: ""
probes:
liveness:
enabled: true
@ -19,10 +35,6 @@ probes:
exec:
command:
- clamdcheck.sh
initialDelaySeconds: 15
periodSeconds: 30
failureThreshold: 10
timeoutSeconds: 1
readiness:
enabled: true
custom: true
@ -30,10 +42,6 @@ probes:
exec:
command:
- clamdcheck.sh
initialDelaySeconds: 15
periodSeconds: 30
failureThreshold: 10
timeoutSeconds: 1
startup:
enabled: true
custom: true
@ -41,10 +49,6 @@ probes:
exec:
command:
- clamdcheck.sh
initialDelaySeconds: 15
periodSeconds: 30
failureThreshold: 10
timeoutSeconds: 1
service:
main:
@ -60,12 +64,10 @@ service:
port: 7357
targetPort: 7357
env:
CLAMAV_NO_CLAMD: false
CLAMAV_NO_FRESHCLAMD: false
CLAMAV_NO_MILTERD: true
CLAMD_STARTUP_TIMEOUT: 1800
FRESHCLAM_CHECKS: 1
cronjob:
annotations: {}
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2
persistence:
sigdatabase:
@ -75,3 +77,6 @@ persistence:
enabled: true
mountPath: "/scandir"
readOnly: true
logs:
enabled: true
mountPath: "/logs"
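Review bot: The new `clamav` defaults ship `cron_enabled: true` with `cron_schedule: "* * * * *"`, so an install that takes these values starts a recursive clamscan of /scandir every minute, while the UI questions default to disabled and `@daily`. These look like test values left in; `cron_enabled: false` and `cron_schedule: "@daily"` would match the questions file, or a comment should state that they exist only for CI. The CronJob template sets no securityContext of its own and the unchanged context here shows `runAsNonRoot: false`, so it is worth confirming which user the scan container runs as and that it needs no more than read access to /scandir and write access to /logs.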