suse-coder
diff --git a/‎charts/opencloud-microservices/Chart.yaml‎
Lines changed: 1 addition & 1 deletion b/‎charts/opencloud-microservices/Chart.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/opencloud-microservices/deployments/helm/helmfile.yaml‎
Lines changed: 3 additions & 4 deletions b/‎charts/opencloud-microservices/deployments/helm/helmfile.yaml‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/clamav/clamav.cue‎
Lines changed: 55 additions & 76 deletions b/‎charts/opencloud-microservices/deployments/timoni/clamav/clamav.cue‎
Lines changed: 55 additions & 76 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/clamav/configmap.yaml‎
Lines changed: 30 additions & 18 deletions b/‎charts/opencloud-microservices/deployments/timoni/clamav/configmap.yaml‎
Lines changed: 30 additions & 18 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/clamav/job.yaml‎
Lines changed: 0 additions & 23 deletions b/‎charts/opencloud-microservices/deployments/timoni/clamav/job.yaml‎
Lines changed: 0 additions & 23 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/clamav/runtime.cue‎
Lines changed: 31 additions & 25 deletions b/‎charts/opencloud-microservices/deployments/timoni/clamav/runtime.cue‎
Lines changed: 31 additions & 25 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/clamav/sa.yaml‎
Lines changed: 0 additions & 33 deletions b/‎charts/opencloud-microservices/deployments/timoni/clamav/sa.yaml‎
Lines changed: 0 additions & 33 deletions
diff --git a/‎charts/opencloud-microservices/templates/antivirus/deployment.yaml‎
Lines changed: 3 additions & 1 deletion b/‎charts/opencloud-microservices/templates/antivirus/deployment.yaml‎
Lines changed: 3 additions & 1 deletion
@@ -12,7 +12,7 @@ maintainers:
     email: [email protected]
     url: https://opencloud.eu
 type: application
-version: 0.3.6
+version: 0.3.7
 # renovate: datasource=docker depName=opencloudeu/opencloud-rolling
 appVersion: 3.6.0
 kubeVersion: ""
 
@@ -97,11 +97,10 @@ releases:
               # Space Administrator Role set to 100GB
               '2aadd357-682c-406b-8874-293091995fdd': 0
           virusscan:
-            enabled: false
+            enabled: true
             infectedFileHandling: "abort"
-            icap:
-              url: "http://clamav-icap.clamav:1344"
-              service: "avscan"
+            scannerType: "clamav"
+            clamavSocket: "tcp://clamav.clamav.svc.cluster.local:3310"
           appsIntegration:
             enabled: true
             wopiIntegration:
 
@@ -2,18 +2,18 @@ bundle: {
     apiVersion: "v1alpha1"
     name:       "clamav"
     instances: {
-        // "service-account": {
-        //     module: url: "oci://ghcr.io/stefanprodan/modules/flux-tenant"
-        //     namespace: "opencloud"
-        //     values: {
-        //         role: "namespace-admin"
-        //         resourceQuota: {
-        //             kustomizations: 100
-        //             helmreleases:   100
-        //         }
-        //     }
-        // },
-      
+        "service-account": {
+            module: url: "oci://ghcr.io/stefanprodan/modules/flux-tenant"
+            namespace: "clamav"
+            values: {
+                role: "namespace-admin"
+                resourceQuota: {
+                    kustomizations: 100
+                    helmreleases:   100
+                }
+            }
+        },
+       
         "clamav": {
             module: {
                 url: "oci://ghcr.io/stefanprodan/modules/flux-helm-release"
@@ -22,87 +22,66 @@ bundle: {
             namespace: "clamav"
             values: {
                 repository: {
-                    url: "https://gitlab.opencode.de/api/v4/projects/1381/packages/helm/stable"
+                    url: "https://wiremind.github.io/wiremind-helm-charts"
                 }
                 chart: {
-                    name:    "opendesk-clamav"
-                    version: "4.0.6"
+                    name:    "clamav"
+                    version: "3.7.1"
                 }
                 sync: {
                     timeout: 5
                     createNamespace: true
                 }
                 helmValues: {
-                    // Global persistence indirection (like _domainFilter pattern)
-                    _persistenceStorageClassName: string @timoni(runtime:string:PERSISTENCE_STORAGE_CLASS_NAME)
-                    _persistenceAccessModes:     string @timoni(runtime:string:PERSISTENCE_ACCESS_MODES)
+                    _persistenceStorageClassName: string @timoni(runtime:string:CLAMAV_PERSISTENCE_STORAGE_CLASS)
+                    _persistenceAccessModes:     string @timoni(runtime:string:CLAMAV_PERSISTENCE_ACCESS_MODES)
 
-                    replicaCount: string @timoni(runtime:string:CLAMAV_REPLICA_COUNT)
-                    resources: {
-                        limits: {
-                            cpu: string @timoni(runtime:string:CLAMAV_RESOURCES_LIMITS_CPU)
-                            memory: string @timoni(runtime:string:CLAMAV_RESOURCES_LIMITS_MEMORY)
-                        }
-                        requests: {
-                            cpu: string @timoni(runtime:string:CLAMAV_RESOURCES_REQUESTS_CPU)
-                            memory: string @timoni(runtime:string:CLAMAV_RESOURCES_REQUESTS_MEMORY)
+                    replicaCount: int @timoni(runtime:number:CLAMAV_REPLICA_COUNT)
+                    
+                    updateStrategy: {
+                        type: string @timoni(runtime:string:CLAMAV_UPDATE_STRATEGY_TYPE)
+                        rollingUpdate: {
+                            partition: int @timoni(runtime:number:CLAMAV_UPDATE_STRATEGY_PARTITION)
                         }
                     }
-                    persistence: {
-                        accessModes: [ "\(_persistenceAccessModes)" ]
-                        size: string @timoni(runtime:string:CLAMAV_PERSISTENCE_SIZE)
-                        storageClass: "\(_persistenceStorageClassName)"
+                    
+                    hpa: {
+                        enabled: bool @timoni(runtime:bool:CLAMAV_HPA_ENABLED)
                     }
-                    freshclam: {
-                        image: {
-                            tag: string @timoni(runtime:string:CLAMAV_FRESHCLAM_IMAGE_TAG)
-                        }
-                    }
-                    clamd: {
-                        image: {
-                            tag: string @timoni(runtime:string:CLAMAV_CLAMD_IMAGE_TAG)
-                        }
+                    
+                    podDisruptionBudget: {
+                        enabled: bool @timoni(runtime:bool:CLAMAV_PDB_ENABLED)
+                        minAvailable: int @timoni(runtime:number:CLAMAV_PDB_MIN_AVAILABLE)
                     }
-                    icap: {
-                        image: {
-                            registry:   string @timoni(runtime:string:CLAMAV_ICAP_IMAGE_REGISTRY)
-                            repository: string @timoni(runtime:string:CLAMAV_ICAP_IMAGE_REPOSITORY)
-                            tag:        string @timoni(runtime:string:CLAMAV_ICAP_IMAGE_TAG)
-                        }
-
-                        settings: {
-                            clamdModClamdHost: string @timoni(runtime:string:CLAMAV_ICAP_CLAMD_HOST)
-                            tmpDir: "/icap-tmp"
-                        }
-
-                        extraVolumes: [
-                            {
-                                name: "icap-tmp"
-                                emptyDir: {}
-                            }
-                        ]
-
-                        extraVolumeMounts: [
-                            {
-                                name:      "icap-tmp"
-                                mountPath: "/icap-tmp"
-                            }
-                        ]
-
-                        lifecycleHooks: {
-                            postStart: {
-                                exec: {
-                                    command: [
-                                    "sh", "-c",
-                                    "rm -f /var/run/c-icap/c-icap.* /var/tmp/c-icap.* || true"
-                                    ]
+                    
+                    topologySpreadConstraints: [
+                        {
+                            maxSkew: int @timoni(runtime:number:CLAMAV_TOPOLOGY_MAX_SKEW)
+                            topologyKey: string @timoni(runtime:string:CLAMAV_TOPOLOGY_KEY)
+                            whenUnsatisfiable: string @timoni(runtime:string:CLAMAV_TOPOLOGY_UNSATISFIABLE)
+                            labelSelector: {
+                                matchLabels: {
+                                    "app.kubernetes.io/name": "clamav"
                                 }
                             }
                         }
+                    ]
+                    
+                    persistentVolume: {
+                        enabled: bool @timoni(runtime:bool:CLAMAV_PERSISTENCE_ENABLED)
+                        size: string @timoni(runtime:string:CLAMAV_PERSISTENCE_SIZE)
+                        storageClass: "\(_persistenceStorageClassName)"
+                        accessModes: [ "\(_persistenceAccessModes)" ]
                     }
-                    milter: {
-                        settings: {
-                            clamdHost: string @timoni(runtime:string:CLAMAV_MILTER_CLAMD_HOST)
+                    
+                    resources: {
+                        limits: {
+                            cpu: string @timoni(runtime:string:CLAMAV_RESOURCES_LIMITS_CPU)
+                            memory: string @timoni(runtime:string:CLAMAV_RESOURCES_LIMITS_MEMORY)
+                        }
+                        requests: {
+                            cpu: string @timoni(runtime:string:CLAMAV_RESOURCES_REQUESTS_CPU)
+                            memory: string @timoni(runtime:string:CLAMAV_RESOURCES_REQUESTS_MEMORY)
                         }
                     }
                 }
 
@@ -10,25 +10,37 @@ metadata:
   namespace: clamav
 data:
   ###############################################################################
-  # Persistence StorageClass and AccessModes (global defaults)
+  # High Availability Configuration
   ###############################################################################
-  PERSISTENCE_STORAGE_CLASS_NAME: ""
-  # Comma-separated for runtime to split into a list, e.g. "ReadWriteMany" or "ReadWriteOnce,ReadOnlyMany"
-  PERSISTENCE_ACCESS_MODES: "ReadWriteOnce"
+  CLAMAV_REPLICA_COUNT: "1"
+  CLAMAV_UPDATE_STRATEGY_TYPE: "RollingUpdate"
+  CLAMAV_UPDATE_STRATEGY_PARTITION: "1"
+  CLAMAV_HPA_ENABLED: "false"
+  CLAMAV_PDB_ENABLED: "false"
+  CLAMAV_PDB_MIN_AVAILABLE: "1"
+  CLAMAV_TOPOLOGY_MAX_SKEW: "1"
+  CLAMAV_TOPOLOGY_KEY: "kubernetes.io/hostname"
+  CLAMAV_TOPOLOGY_UNSATISFIABLE: "ScheduleAnyway"
 
   ###############################################################################
-  # ClamAV Configuration
+  # Persistence Configuration
   ###############################################################################
-  CLAMAV_REPLICA_COUNT: "1"
-  CLAMAV_RESOURCES_LIMITS_CPU: "500m"
-  CLAMAV_RESOURCES_LIMITS_MEMORY: "512Mi"
-  CLAMAV_RESOURCES_REQUESTS_CPU: "250m"
-  CLAMAV_RESOURCES_REQUESTS_MEMORY: "256Mi"
-  CLAMAV_PERSISTENCE_SIZE: "10Gi"
-  CLAMAV_FRESHCLAM_IMAGE_TAG: "1.4.0"
-  CLAMAV_CLAMD_IMAGE_TAG: "1.4.0"
-  CLAMAV_ICAP_IMAGE_TAG: "0.5.10"
-  CLAMAV_ICAP_IMAGE_REPOSITORY: "bmi/opendesk/components/platform-development/images/clamav-icap"
-  CLAMAV_ICAP_IMAGE_REGISTRY: "registry.opencode.de"
-  CLAMAV_ICAP_CLAMD_HOST: "clamav-clamd"
-  CLAMAV_MILTER_CLAMD_HOST: "clamav-clamd"
+  CLAMAV_PERSISTENCE_ENABLED: "true"
+  CLAMAV_PERSISTENCE_SIZE: "100Mi"
+  # For ReadWriteMany deployment, change to: ReadWriteMany
+  CLAMAV_PERSISTENCE_ACCESS_MODES: "ReadWriteOnce"
+  CLAMAV_PERSISTENCE_STORAGE_CLASS: ""
+
+  ###############################################################################
+  # Resource Configuration
+  ###############################################################################
+  CLAMAV_RESOURCES_LIMITS_CPU: "6000m"
+  CLAMAV_RESOURCES_LIMITS_MEMORY: "8Gi"
+  CLAMAV_RESOURCES_REQUESTS_CPU: "500m"
+  CLAMAV_RESOURCES_REQUESTS_MEMORY: "1Gi"
+
+  ###############################################################################
+  # Image Configuration
+  ###############################################################################
+  # Leave empty to use default image tag from helm chart
+  CLAMAV_IMAGE_TAG: ""
@@ -5,39 +5,45 @@ runtime: {
 		{
 			query: "k8s:v1:ConfigMap:clamav:opencloud-config"
 			for: {
-				"PERSISTENCE_STORAGE_CLASS_NAME": "obj.data.PERSISTENCE_STORAGE_CLASS_NAME"
-				"PERSISTENCE_ACCESS_MODES":       "obj.data.PERSISTENCE_ACCESS_MODES"
 				"CLAMAV_REPLICA_COUNT": "obj.data.CLAMAV_REPLICA_COUNT"
+				"CLAMAV_UPDATE_STRATEGY_TYPE": "obj.data.CLAMAV_UPDATE_STRATEGY_TYPE"
+				"CLAMAV_UPDATE_STRATEGY_PARTITION": "obj.data.CLAMAV_UPDATE_STRATEGY_PARTITION"
+				"CLAMAV_HPA_ENABLED": "obj.data.CLAMAV_HPA_ENABLED"
+				"CLAMAV_PDB_ENABLED": "obj.data.CLAMAV_PDB_ENABLED"
+				"CLAMAV_PDB_MIN_AVAILABLE": "obj.data.CLAMAV_PDB_MIN_AVAILABLE"
+				"CLAMAV_TOPOLOGY_MAX_SKEW": "obj.data.CLAMAV_TOPOLOGY_MAX_SKEW"
+				"CLAMAV_TOPOLOGY_KEY": "obj.data.CLAMAV_TOPOLOGY_KEY"
+				"CLAMAV_TOPOLOGY_UNSATISFIABLE": "obj.data.CLAMAV_TOPOLOGY_UNSATISFIABLE"
+				"CLAMAV_PERSISTENCE_ENABLED": "obj.data.CLAMAV_PERSISTENCE_ENABLED"
+				"CLAMAV_PERSISTENCE_SIZE": "obj.data.CLAMAV_PERSISTENCE_SIZE"
+				"CLAMAV_PERSISTENCE_ACCESS_MODES": "obj.data.CLAMAV_PERSISTENCE_ACCESS_MODES"
+				"CLAMAV_PERSISTENCE_STORAGE_CLASS": "obj.data.CLAMAV_PERSISTENCE_STORAGE_CLASS"
 				"CLAMAV_RESOURCES_LIMITS_CPU": "obj.data.CLAMAV_RESOURCES_LIMITS_CPU"
 				"CLAMAV_RESOURCES_LIMITS_MEMORY": "obj.data.CLAMAV_RESOURCES_LIMITS_MEMORY"
 				"CLAMAV_RESOURCES_REQUESTS_CPU": "obj.data.CLAMAV_RESOURCES_REQUESTS_CPU"
 				"CLAMAV_RESOURCES_REQUESTS_MEMORY": "obj.data.CLAMAV_RESOURCES_REQUESTS_MEMORY"
-				"CLAMAV_PERSISTENCE_SIZE": "obj.data.CLAMAV_PERSISTENCE_SIZE"
-				"CLAMAV_FRESHCLAM_IMAGE_TAG": "obj.data.CLAMAV_FRESHCLAM_IMAGE_TAG"
-				"CLAMAV_CLAMD_IMAGE_TAG": "obj.data.CLAMAV_CLAMD_IMAGE_TAG"
-				"CLAMAV_ICAP_IMAGE_TAG": "obj.data.CLAMAV_ICAP_IMAGE_TAG"
-				"CLAMAV_ICAP_IMAGE_REPOSITORY": "obj.data.CLAMAV_ICAP_IMAGE_REPOSITORY"
-				"CLAMAV_ICAP_IMAGE_REGISTRY": "obj.data.CLAMAV_ICAP_IMAGE_REGISTRY"
-				"CLAMAV_ICAP_CLAMD_HOST": "obj.data.CLAMAV_ICAP_CLAMD_HOST"
-				"CLAMAV_MILTER_CLAMD_HOST": "obj.data.CLAMAV_MILTER_CLAMD_HOST"
+				"CLAMAV_IMAGE_TAG": "obj.data.CLAMAV_IMAGE_TAG"
 			}
 		}
 	]
 	defaults: {
-		PERSISTENCE_STORAGE_CLASS_NAME: ""
-		PERSISTENCE_ACCESS_MODES: "ReadWriteOnce"
-		CLAMAV_REPLICA_COUNT: "1"
-		CLAMAV_RESOURCES_LIMITS_CPU: "500m"
-		CLAMAV_RESOURCES_LIMITS_MEMORY: "512Mi"
-		CLAMAV_RESOURCES_REQUESTS_CPU: "250m"
-		CLAMAV_RESOURCES_REQUESTS_MEMORY: "256Mi"
-		CLAMAV_PERSISTENCE_SIZE: "10Gi"
-		CLAMAV_FRESHCLAM_IMAGE_TAG: "1.4.0"
-		CLAMAV_CLAMD_IMAGE_TAG: "1.4.0"
-		CLAMAV_ICAP_IMAGE_TAG: "0.5.10"
-		CLAMAV_ICAP_IMAGE_REPOSITORY: "c6o/kgotham"
-		CLAMAV_ICAP_IMAGE_REGISTRY: "quay.io"
-		CLAMAV_ICAP_CLAMD_HOST: "opendesk-clamav-clamd"
-		CLAMAV_MILTER_CLAMD_HOST: "opendesk-clamav-clamd"
+		CLAMAV_REPLICA_COUNT: 2
+		CLAMAV_UPDATE_STRATEGY_TYPE: "RollingUpdate"
+		CLAMAV_UPDATE_STRATEGY_PARTITION: 0
+		CLAMAV_HPA_ENABLED: false
+		CLAMAV_PDB_ENABLED: true
+		CLAMAV_PDB_MIN_AVAILABLE: 1
+		CLAMAV_TOPOLOGY_MAX_SKEW: 1
+		CLAMAV_TOPOLOGY_KEY: "kubernetes.io/hostname"
+		CLAMAV_TOPOLOGY_UNSATISFIABLE: "ScheduleAnyway"
+		CLAMAV_PERSISTENCE_ENABLED: true
+		CLAMAV_PERSISTENCE_SIZE: "100Mi"
+		CLAMAV_PERSISTENCE_ACCESS_MODES: "ReadWriteMany"
+		CLAMAV_PERSISTENCE_STORAGE_CLASS: ""
+		CLAMAV_RESOURCES_LIMITS_CPU: "1000m"
+		CLAMAV_RESOURCES_LIMITS_MEMORY: "2Gi"
+		CLAMAV_RESOURCES_REQUESTS_CPU: "500m"
+		CLAMAV_RESOURCES_REQUESTS_MEMORY: "1Gi"
+		CLAMAV_IMAGE_TAG: ""
 	}
 }
@@ -51,7 +51,9 @@ spec:
             - name: ANTIVIRUS_INFECTED_FILE_HANDLING
               value: {{ .Values.features.virusscan.infectedFileHandling | quote }}
             - name: ANTIVIRUS_SCANNER_TYPE
-              value: "icap"
+              value: {{ .Values.features.virusscan.scannerType | quote }}
+            - name: ANTIVIRUS_CLAMAV_SOCKET
+              value: {{ .Values.features.virusscan.clamavSocket | quote }}
             - name: ANTIVIRUS_ICAP_SCAN_TIMEOUT
               value: {{ .Values.features.virusscan.icap.timeout | quote }}
             - name: ANTIVIRUS_ICAP_URL