diff --git a/infrastructure/helm/bailo/templates/clamav/clamav.deployment.yaml b/infrastructure/helm/bailo/templates/clamav/clamav.deployment.yaml index e1c2ee358..5bf640539 100644 --- a/infrastructure/helm/bailo/templates/clamav/clamav.deployment.yaml +++ b/infrastructure/helm/bailo/templates/clamav/clamav.deployment.yaml @@ -21,7 +21,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + runAsUser: {{ .Values.clamav.runAsUser }} containers: - name: {{ include "bailo.fullname" . }}-clamav ports: @@ -29,11 +29,8 @@ spec: containerPort: 3310 protocol: TCP image: {{ .Values.clamav.image }} - command: - - /bin/sh - args: - - -c - - /init-unprivileged # Runs ClamAV as non-root unprivileged user. https://docs.clamav.net/manual/Installing/Docker.html#running-clamd-using-non-root-user-using---user-and---entrypoint + command: ["/bin/sh", "-c"] + args: ["/init-unprivileged && chown -R 1002:1002 /var/lib/clamav"] # Runs ClamAV as non-root unprivileged user. https://docs.clamav.net/manual/Installing/Docker.html#running-clamd-using-non-root-user-using---user-and---entrypoint resources: requests: memory: "100Mi" @@ -59,5 +56,5 @@ spec: emptyDir: {} - name: clamav-signatures persistentVolumeClaim: - claimName: {{ .Values.aws.pvcClamAVName }} + claimName: {{ include "bailo.fullname" . }}-clamav-pvc {{- end }} diff --git a/infrastructure/helm/bailo/templates/clamav/clamav.pvc.yaml b/infrastructure/helm/bailo/templates/clamav/clamav.pvc.yaml index a437242dc..af8659f59 100644 --- a/infrastructure/helm/bailo/templates/clamav/clamav.pvc.yaml +++ b/infrastructure/helm/bailo/templates/clamav/clamav.pvc.yaml 
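Review bot: In the first hunk of clamav.deployment.yaml (`@@ -21,7 +21,7 @@`), the pod `securityContext` now renders only `runAsUser`, so whatever the chart-wide `.Values.podSecurityContext` supplied no longer reaches the ClamAV pod. That value is not visible in this diff, so it is worth checking what is being dropped. Nothing in the new block keeps the container non-root if `clamav.runAsUser` is overridden to 0 or left unset, and an unset value renders `runAsUser:` as null. Adding `runAsNonRoot: true` beside it would make the kubelet refuse to start the container as root.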
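Review bot: In the second hunk of clamav.deployment.yaml (`@@ -29,11 +29,8 @@`), the `chown -R 1002:1002 /var/lib/clamav` appended to `args` is unlikely to do what it is there for. It is chained with `&&` after `/init-unprivileged`, which per the linked ClamAV docs is the container entrypoint and presumably stays in the foreground, so the chown would run only after the daemon exits. The pod also runs as the non-root `clamav.runAsUser`, which cannot change ownership of files it does not already own, and the UID is hard-coded here while the pod UID comes from values, so the two can drift. Restoring `args: ["/init-unprivileged"]` and setting `fsGroup: {{ .Values.clamav.runAsUser }}` in the pod `securityContext` would let the kubelet handle ownership of the signatures volume.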
@@ -1,14 +1,17 @@ {{- if .Values.clamav.enabled }} ---- -apiVersion: v1 + kind: PersistentVolumeClaim +apiVersion: v1 metadata: - name: {{ .Values.aws.pvcClamAVName }} + name: {{ include "bailo.fullname" . }}-clamav-pvc + labels: + {{- include "bailo.labels" . | nindent 4 }} spec: accessModes: - - ReadWriteOnce - storageClassName: {{ .Values.aws.storageName }} + {{- range .Values.clamav.accessModes }} + - {{ . | quote }} + {{- end }} resources: requests: - storage: {{ .Values.aws.pvcClamAVStorage }} + storage: {{ .Values.clamav.size | quote }} {{- end }} diff --git a/infrastructure/helm/bailo/values.yaml b/infrastructure/helm/bailo/values.yaml index c4c935757..eec90ca56 100644 --- a/infrastructure/helm/bailo/values.yaml +++ b/infrastructure/helm/bailo/values.yaml @@ -90,8 +90,6 @@ aws: pvcMinioStorage: 20Gi pvcMongoName: "bailo-mongodb" pvcMongoStorage: 10Gi - pvcClamAVName: "bailo-clamav" - pvcClamAVStorage: 5Gi # Pod resource resources: @@ -287,5 +285,9 @@ backend: clamav: enabled: false + runAsUser: 1002 image: clamav/clamav:latest_base # https://docs.clamav.net/manual/Installing/Docker.html#the-official-images-on-docker-hub port: 3310 + accessModes: + - ReadWriteOnce + size: 10G
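Review bot: In clamav.pvc.yaml the `storageClassName` line is removed with no replacement, so the claim now depends on the cluster having a default StorageClass. Without one it stays Pending, which would keep the ClamAV pod from starting. An optional value would keep the old behaviour available: `{{- with .Values.clamav.storageClassName }}`, `storageClassName: {{ . | quote }}`, `{{- end }}` (a proposed new key, not one this chart has today). The claim is also renamed, so on upgrade of an existing release Helm will likely remove the old claim and create an empty one; that deserves a line in the upgrade notes.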
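Review bot: In the last hunk of values.yaml (`@@ -287,5 +285,9 @@`), `size: 10G` uses a decimal suffix while the other sizes visible in this file use binary ones (`20Gi`, `10Gi`, and the removed `5Gi`); `size: 10Gi` would be consistent. `runAsUser: 1002` has no comment, and the deployment template hard-codes the same number in its `chown`, so a comment such as `# UID the ClamAV container runs as; must be able to write /var/lib/clamav` would help anyone overriding it. Separately, the unchanged `image` line tracks the mutable `latest_base` tag, and pinning a version or digest would make scanner image updates deliberate. The `clamav` mapping begins above the hunk.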