-
-
Save jhunt/21190d872fced7f45ac2b7adc83c67c3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: clamav | |
data: | |
clamd.conf: | | |
Foreground yes | |
Debug no | |
LeaveTemporaryFiles no | |
LogFile /dev/stdout | |
LogFileMaxSize 0 | |
LogTime yes | |
LogClean no | |
TCPSocket 3310 | |
TCPAddr 0.0.0.0 | |
ExcludePath ^/proc/ | |
ExcludePath ^/sys/ | |
ExcludePath ^/host/proc/ | |
ExcludePath ^/host/sys/ | |
MaxDirectoryRecursion 64 | |
FollowDirectorySymlinks no | |
FollowFileSymlinks no | |
CrossFilesystems no | |
AllowAllMatchScan no | |
HeuristicAlerts no | |
HeuristicScanPrecedence no | |
ScanELF yes | |
ScanPDF yes | |
ScanSWF yes | |
ScanXMLDOCS yes | |
ScanArchive yes | |
freshclam.conf: | | |
Foreground yes | |
DatabaseDirectory /var/lib/clamav | |
UpdateLogFile /dev/stdout | |
Debug no | |
LogFileMaxSize 0 | |
LogTime yes | |
DatabaseOwner root | |
DNSDatabaseInfo current.cvd.clamav.net | |
DatabaseMirror database.clamav.net | |
MaxAttempts 3 | |
ScriptedUpdates yes | |
CompressLocalDatabase no | |
TestDatabases yes | |
SafeBrowsing no | |
Bytecode no | |
Checks 12 | |
NotifyClamd /etc/clamav/clamd.conf | |
ConnectTimeout 30 | |
ReceiveTimeout 60 | |
--- | |
apiVersion: apps/v1 | |
kind: DaemonSet | |
metadata: | |
name: clamd | |
spec: | |
selector: | |
matchLabels: | |
aikido: clamd | |
template: | |
metadata: | |
labels: | |
aikido: clamd | |
spec: | |
volumes: | |
- name: host | |
hostPath: | |
path: / | |
- name: clamdb | |
emptyDir: | |
- name: etc | |
configMap: | |
name: clamav | |
initContainers: | |
- name: init | |
image: filefrog/clamav:latest | |
imagePullPolicy: Always | |
command: | |
- /clamav | |
- seed | |
volumeMounts: | |
- name: etc | |
mountPath: /etc/clamav | |
readOnly: yes | |
- name: clamdb | |
mountPath: /var/lib/clamav | |
readOnly: no | |
containers: | |
- name: clamd | |
image: filefrog/clamav:latest | |
imagePullPolicy: Always | |
command: | |
- /clamav | |
- clamd | |
securityContext: | |
capabilities: | |
add: [SYS_ADMIN, SYS_PTRACE] | |
readinessProbe: | |
periodSeconds: 3 | |
tcpSocket: | |
port: 3310 | |
volumeMounts: | |
- name: etc | |
mountPath: /etc/clamav | |
readOnly: yes | |
- name: host | |
mountPath: /host | |
readOnly: yes | |
- name: clamdb | |
mountPath: /var/lib/clamav | |
readOnly: yes | |
- name: freshclam | |
image: filefrog/clamav:latest | |
imagePullPolicy: Always | |
command: | |
- /clamav | |
- freshclam | |
volumeMounts: | |
- name: etc | |
mountPath: /etc/clamav | |
readOnly: yes | |
- name: clamdb | |
mountPath: /var/lib/clamav | |
readOnly: no |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment