feat(clamav): cron (#2294)
* feat(clamav): cron * cronjob values * fix string * test false also * test * whoops * test run * test false * test * test * .. * volumes * tet * sh * date-format * root * secCont * log to /logs * wait for clamd * wait * ping and wait * fi * start clamd * use clamscan and test extra_args * faster * sched * typo * no clamd * sleep * check db * check if db exists yet * failing probes * 1st working example * no extra args * check @daily works * check extra args * print args also * faster * no extrra args * fix probes and log some more things * date_format default * gui logs * gui
parent
a35f6825e1
commit
79afeedc66
|
@ -21,7 +21,7 @@ sources:
|
|||
- https://hub.docker.com/r/clamav/clamav
|
||||
- https://docs.clamav.net/
|
||||
type: application
|
||||
version: 2.0.7
|
||||
version: 2.1.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- utilities
|
||||
|
|
|
@ -92,6 +92,58 @@ questions:
|
|||
schema:
|
||||
type: int
|
||||
default: 1
|
||||
- variable: clamav
|
||||
group: "Container Configuration"
|
||||
label: "ClamAV Cron Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: cron_enabled
|
||||
label: "Enable cronjob"
|
||||
description: "Enables automatic scan for /scandir"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: cron_schedule
|
||||
label: "Cron Schedule"
|
||||
description: "Enter a valid cron schedule"
|
||||
schema:
|
||||
type: string
|
||||
default: "@daily"
|
||||
required: true
|
||||
- variable: log_file_name
|
||||
label: "Log File Name"
|
||||
description: "Log file name for the scan report. You will find this report in /logs/FILENAME_DATEFORMAT"
|
||||
schema:
|
||||
type: string
|
||||
default: "clamscan_report"
|
||||
required: true
|
||||
- variable: date_format
|
||||
label: "Date Format"
|
||||
description: "Date format for the log file"
|
||||
schema:
|
||||
type: string
|
||||
default: "MM-DD-YYYY_HH.MM.SS"
|
||||
required: true
|
||||
enum:
|
||||
- value: "+%m-%d-%Y_%H.%M.%S"
|
||||
description: "MM-DD-YYYY_HH.MM.SS"
|
||||
- value: "+%Y-%m-%d_%H.%M.%S"
|
||||
description: "YYYY-MM-DD_HH.MM.SS"
|
||||
- value: "+%H.%M.%S_%m-%d-%Y"
|
||||
description: "HH.MM.SS_MM-DD-YYYY"
|
||||
- value: "+%H.%M.%S_%Y-%m-%d"
|
||||
description: "HH.MM.SS_YYYY-MM-DD"
|
||||
- variable: extra_args
|
||||
label: "Extra Args"
|
||||
description: "Set extra args for clamscan here. (https://linux.die.net/man/1/clamscan). We already set --log, --database and --recursive. Do not add those here."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
|
||||
# Include{containerConfig}
|
||||
|
||||
|
@ -295,7 +347,50 @@ questions:
|
|||
# Include{persistenceAdvanced}
|
||||
- variable: scandir
|
||||
label: "App Scan Dir Storage"
|
||||
description: "Stores the Application Scan Directory."
|
||||
description: "Stores the Application Scan Directory. (By default set to readOnly)"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: type
|
||||
label: "Type of Storage"
|
||||
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
||||
schema:
|
||||
type: string
|
||||
default: "simplePVC"
|
||||
enum:
|
||||
- value: "simplePVC"
|
||||
description: "PVC (simple)"
|
||||
- value: "simpleHP"
|
||||
description: "HostPath (simple)"
|
||||
- value: "emptyDir"
|
||||
description: "emptyDir"
|
||||
- value: "pvc"
|
||||
description: "pvc"
|
||||
- value: "hostPath"
|
||||
description: "hostPath"
|
||||
# Include{persistenceBasic}
|
||||
- variable: hostPath
|
||||
label: "hostPath"
|
||||
description: "Path inside the container the storage is mounted"
|
||||
schema:
|
||||
show_if: [["type", "=", "hostPath"]]
|
||||
type: hostpath
|
||||
- variable: medium
|
||||
label: "EmptyDir Medium"
|
||||
schema:
|
||||
show_if: [["type", "=", "emptyDir"]]
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "Memory"
|
||||
description: "Memory"
|
||||
# Include{persistenceAdvanced}
|
||||
- variable: logs
|
||||
label: "App Logs Storage"
|
||||
description: "Stores the Application Logs."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
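Review bot: In the `date_format` question of the first hunk, `default: "MM-DD-YYYY_HH.MM.SS"` is the description text of an enum entry, not one of its values; the values are the strftime strings such as `+%m-%d-%Y_%H.%M.%S`. If the UI passes that default through unchanged, the cron script's `date ${date_format}` gets an operand without the leading `+` and the report name probably ends up without a timestamp, so I would write `default: "+%m-%d-%Y_%H.%M.%S"`. `log_file_name` is a free-form string that the job joins into a path under /logs; if the questions schema's `valid_chars` is usable here, a pattern limited to filename characters would keep path separators and `..` out of it. In the second hunk the `hostPath` description reads "Path inside the container" although the field asks for a path on the host.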
|
||||
|
|
|
@ -0,0 +1,85 @@
|
|||
{{/* Define the cronjob */}}
|
||||
{{- define "clamav.cronjob" -}}
|
||||
{{- $jobName := include "common.names.fullname" . }}
|
||||
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: {{ printf "%s-cronjob" $jobName }}
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
spec:
|
||||
schedule: "{{ .Values.clamav.cron_schedule }}"
|
||||
concurrencyPolicy: Forbid
|
||||
{{- with .Values.cronjob.failedJobsHistoryLimit }}
|
||||
failedJobsHistoryLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
|
||||
successfulJobsHistoryLimit: {{ . }}
|
||||
{{- end }}
|
||||
jobTemplate:
|
||||
metadata:
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
{{- with (include "common.controller.volumes" . | trim) }}
|
||||
volumes:
|
||||
{{- nindent 12 . }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
env:
|
||||
- name: date_format
|
||||
value: {{ .Values.clamav.date_format }}
|
||||
- name: log_file_name
|
||||
value: {{ .Values.clamav.log_file_name }}
|
||||
- name: report_path
|
||||
value: {{ .Values.clamav.report_path | trimSuffix "/" }}
|
||||
- name: extra_args
|
||||
value: {{ .Values.clamav.extra_args }}
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- >
|
||||
export databasePath=/var/lib/clamav;
|
||||
if [ "$(ls -A $databasePath)" ];
|
||||
then
|
||||
echo "Virus database exists...";
|
||||
else
|
||||
echo "Virus database does not exist yet...";
|
||||
echo "Exiting...";
|
||||
exit 1;
|
||||
fi;
|
||||
export status=99;
|
||||
export now=$(date ${date_format});
|
||||
export log_file=$report_path/${log_file_name}_${now};
|
||||
touch $log_file;
|
||||
echo "Starting scan of \"/scandir\"";
|
||||
echo "Args for clamscan: --database=${databasePath} --log=$log_file --recursive ${extra_args}";
|
||||
clamscan --database=${databasePath} --log=$log_file --recursive ${extra_args} /scandir;
|
||||
status=$?;
|
||||
if [ $status -eq 0 ];
|
||||
then
|
||||
echo "Exit Status: $status";
|
||||
echo "No Virus found!";
|
||||
elif [ $status -eq 1];
|
||||
then
|
||||
echo "Exit Status: $status.";
|
||||
echo "Virus(es) found. Check \"${log_file}\".";
|
||||
elif [ $status -eq 2];
|
||||
then
|
||||
echo "Exit Status: $status.";
|
||||
echo "Some error(s) occured.";
|
||||
else
|
||||
echo "Exit Status: $status.";
|
||||
fi;
|
||||
{{- with (include "common.controller.volumeMounts" . | trim) }}
|
||||
volumeMounts:
|
||||
{{ nindent 16 . }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 16 }}
|
||||
{{- end -}}
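Review bot: The tests `elif [ $status -eq 1];` and `elif [ $status -eq 2];` are missing the space before `]`, so `[` fails with a missing-bracket error and both branches are skipped; a scan that finds malware (clamscan exit 1) or errors out (exit 2) falls through to the final `else` and prints only the bare status. Because the script ends on an `echo`, the Job also completes successfully whatever clamscan returned, so detections and failed scans are invisible to anything that watches Job status. I would write `elif [ "$status" -eq 1 ];` and `elif [ "$status" -eq 2 ];`, and end the script with `exit "$status";`, with a `backoffLimit` chosen so a non-zero exit is not retried into repeated scans. Separately, the four `value: {{ .Values.clamav.… }}` env entries are unquoted; piping each through `quote` keeps an empty `extra_args` or a value containing `: ` or ` #` from changing the rendered YAML.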
|
|
@ -1 +1,10 @@
|
|||
{{ include "common.all" . }}
|
||||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.setup" . }}
|
||||
|
||||
{{- if and .Values.clamav.cron_enabled .Values.clamav.cron_schedule}}
|
||||
{{/* Render cronjob for clamav */}}
|
||||
{{- include "clamav.cronjob" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.postSetup" . }}
|
||||
|
|
|
@ -11,6 +11,22 @@ securityContext:
|
|||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
env:
|
||||
CLAMAV_NO_CLAMD: false
|
||||
CLAMAV_NO_FRESHCLAMD: false
|
||||
CLAMAV_NO_MILTERD: true
|
||||
CLAMD_STARTUP_TIMEOUT: 1800
|
||||
FRESHCLAM_CHECKS: 1
|
||||
|
||||
clamav:
|
||||
report_path: "/logs"
|
||||
# User Defined
|
||||
cron_enabled: true
|
||||
cron_schedule: "* * * * *"
|
||||
date_format: "+%m-%d-%Y_%H.%M.%S"
|
||||
log_file_name: "clamscan_report"
|
||||
extra_args: ""
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
|
@ -19,10 +35,6 @@ probes:
|
|||
exec:
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 30
|
||||
failureThreshold: 10
|
||||
timeoutSeconds: 1
|
||||
readiness:
|
||||
enabled: true
|
||||
custom: true
|
||||
|
@ -30,10 +42,6 @@ probes:
|
|||
exec:
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 30
|
||||
failureThreshold: 10
|
||||
timeoutSeconds: 1
|
||||
startup:
|
||||
enabled: true
|
||||
custom: true
|
||||
|
@ -41,10 +49,6 @@ probes:
|
|||
exec:
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 30
|
||||
failureThreshold: 10
|
||||
timeoutSeconds: 1
|
||||
|
||||
service:
|
||||
main:
|
||||
|
@ -60,12 +64,10 @@ service:
|
|||
port: 7357
|
||||
targetPort: 7357
|
||||
|
||||
env:
|
||||
CLAMAV_NO_CLAMD: false
|
||||
CLAMAV_NO_FRESHCLAMD: false
|
||||
CLAMAV_NO_MILTERD: true
|
||||
CLAMD_STARTUP_TIMEOUT: 1800
|
||||
FRESHCLAM_CHECKS: 1
|
||||
cronjob:
|
||||
annotations: {}
|
||||
failedJobsHistoryLimit: 5
|
||||
successfulJobsHistoryLimit: 2
|
||||
|
||||
persistence:
|
||||
sigdatabase:
|
||||
|
@ -75,3 +77,6 @@ persistence:
|
|||
enabled: true
|
||||
mountPath: "/scandir"
|
||||
readOnly: true
|
||||
logs:
|
||||
enabled: true
|
||||
mountPath: "/logs"
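Review bot: The `clamav:` defaults added in the first hunk ship `cron_enabled: true` together with `cron_schedule: "* * * * *"`, which looks like a leftover from testing. Any install that does not override them gets a recursive clamscan of /scandir attempted every minute, and each run creates a new timestamped report under /logs with nothing visible here that prunes them. The questions file in this same commit defaults to disabled and `@daily`, so the two sets of defaults disagree. I would set `cron_enabled: false` and `cron_schedule: "@daily"` here.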
|
||||
|
|