# This file is derived from https://github.com/Mailu/Mailu/blob/master/docs/kubernetes/mailu/security.yaml # (file is split into rspamd.yaml and clamav.yaml) {{- if .Values.clamav.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "mailu.fullname" . }}-clamav spec: selector: matchLabels: app: {{ include "mailu.fullname" . }} component: clamav replicas: 1 template: metadata: labels: app: {{ include "mailu.fullname" . }} component: clamav spec: serviceAccount: {{ include "mailu.serviceAccountName" . }} securityContext: runAsUser: 0 {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.clamav.afffinity | default .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: clamav image: {{ template "imageRegistry" . -}} {{ .Values.clamav.image.repository }}:{{ default .Values.mailuVersion .Values.clamav.image.tag }} imagePullPolicy: Always volumeMounts: - name: data subPath: clamav mountPath: /data {{- if .Values.timezone }} - name: zoneinfo mountPath: /usr/share/zoneinfo readOnly: true - name: zoneinfo subPath: {{ .Values.timezone }} mountPath: /etc/localtime readOnly: true {{- end }} env: - name: LOG_LEVEL value: {{ default .Values.logLevel .Values.clamav.logLevel }} ports: - name: clamav containerPort: 3310 protocol: TCP {{- with .Values.clamav.resources }} resources: {{- .|toYaml|nindent 10}} {{- end }} {{- if .Values.clamav.startupProbe}} startupProbe: exec: command: - /health.sh periodSeconds: {{ default 10 .Values.clamav.startupProbe.periodSeconds }} failureThreshold: {{ default 60 .Values.clamav.startupProbe.failureThreshold }} timeoutSeconds: {{ default 5 .Values.clamav.startupProbe.timeoutSeconds }} {{- end }} {{ if .Values.clamav.livenessProbe -}} livenessProbe: exec: command: - /health.sh periodSeconds: {{ default 10 .Values.clamav.livenessProbe.periodSeconds }} failureThreshold: {{ default 3 .Values.clamav.livenessProbe.failureThreshold }} timeoutSeconds: {{ default 5 .Values.clamav.livenessProbe.timeoutSeconds }} {{- end }} {{ if .Values.clamav.readinessProbe -}} readinessProbe: exec: command: - /health.sh periodSeconds: {{ default 10 .Values.clamav.readinessProbe.periodSeconds }} failureThreshold: {{ default 1 .Values.clamav.readinessProbe.failureThreshold }} timeoutSeconds: {{ default 5 .Values.clamav.readinessProbe.timeoutSeconds }} {{- end }} volumes: - name: data persistentVolumeClaim: claimName: {{ include "mailu.rspamdClamavAdminClaimName" . }} {{- if .Values.timezone }} - name: zoneinfo hostPath: path: /usr/share/zoneinfo type: Directory {{- end }} strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 0 maxSurge: 1 --- apiVersion: v1 kind: Service metadata: name: {{ include "mailu.fullname" . }}-clamav labels: app: {{ include "mailu.fullname" . }} component: clamav spec: selector: app: {{ include "mailu.fullname" . }} component: clamav ports: - name: clamav port: 3310 protocol: TCP {{- end }}