To address clamav user requirements for the official ClamAV container images, we have developed and deployed an unprivileged version of ClamAV container images using GitHub Packages. This mitigates privilege issues on Openshift.
- See Dockerfile for more detailed information about the Docker container.
- See Build and Publish ClamAV Image to understand the build pipeline.
- See clamav-unprivileged to find the list of published images.
We utilize Helm charts to deploy ClamAV instances and related Kubernetes resources on Openshift clusters.
-
If you are deploying from your local station, follow these steps:
- Log in to the target Openshift cluster:
oc login --token=sha256~abcdef --server=https://api.<cluster>.devops.gov.bc.ca:6443
- Navigate to the main Helm directory:
cd helm/main- Install/upgrade Helm deployments using
Makecommands:
make upgrade NAMESPACE=<namespace> IMAGE_TAG=<clamav-image-tag>
- Refer to clamav-unprivileged for the list of published images.
-
If you want to deploy via
GitHub UIusing workflow dispatch, follow these steps:-
Navigate to the
Deploy ClamAVGitHub workflow dispatch. -
Click the
Run workflowbutton on the right. -
Select the target environment for ClamAV deployment.
-
Enter the image tag version.
- Refer to clamav-unprivileged for the list of published images.
- Click the
Run workflowgreen button in the popup.
-
To run load testing jobs on Openshift clusters, we build and deploy the load-testing container image using GitHub Packages.
- See Dockerfile for detailed information about the Docker container.
- See Build and Publish ClamAV Image to understand the build pipeline.
- See clamav-load-testing to find the list of published images.
-
Please follow the steps below:
- Log in to the target Openshift cluster where you want to run the load testing:
oc login --token=sha256~abcdef --server=https://api.<cluster>.devops.gov.bc.ca:6443
- Navigate to the load-testing directory:
cd load-testing- Create the load testing Job:
kubectl apply -f job.yaml
- You may want to update the target ClamAV host environment variable
CLAMAV_HOST
- Delete the load testing Job:
kubectl delete -f job.yaml
We utilize Terraform to generate the Openshift service account token for use in GitHub pipelines.
- See oc-deployers - README.md for detailed information and instructions.
We utilize Terraform to configure Openshift Network Policies for managing access to ClamAV instances.
- See network-policies - README.md for detailed information and instructions.