Skip to content

[TASK] Create Helm Subchart for ClamAV Service #323

Open
Task
Open
[TASK] Create Helm Subchart for ClamAV Service#323
Task
Assignees
Aravinda-HWK
Labels
ImprovementThe functionality is working but can be improved.enhancementNew feature or request
@Aravinda-HWK

Description

@Aravinda-HWK
Aravinda-HWK
opened on Apr 3, 2026

What needs to be done?

📌 Overview

Develop a Helm subchart for deploying the ClamAV service as part of the email system. This chart will provide antivirus scanning capabilities and integrate with other components such as Rspamd.

🎯 Objectives

  • Package ClamAV as a reusable Helm subchart.
  • Enable antivirus scanning for incoming emails.
  • Support persistent storage for virus definitions.
  • Ensure the chart is configurable and production-ready.

🧩 Scope

1. Chart Initialization

  • Create a new Helm chart under:

    charts/clamav

  • Define Chart.yaml with appropriate metadata.

2. Kubernetes Resources

Implement templates for:

Deployment / StatefulSet

  • Deploy ClamAV container (clamav/clamav)

  • Configure environment variables:

    CLAMAV_NO_FRESHCLAMD=false

  • Ensure proper startup (ClamAV initializes virus DB)

Service

  • Expose ClamAV daemon internally:

    • Port: 3310 (TCP)

  • Service type: ClusterIP

PersistentVolumeClaim

  • Store virus database:

    /var/lib/clamav

  • Store logs:

    /var/log/clamav

3. Configuration (values.yaml)

Support configurable parameters:

Image

image:
  repository: clamav/clamav
  tag: latest
  pullPolicy: IfNotPresent

Resources (Important)

resources:
  requests:
    memory: 1Gi
    cpu: 200m
  limits:
    memory: 3Gi
    cpu: 1

Persistence

persistence:
  enabled: true
  storageClass: <storage-class>
  size: 10Gi

Service

service:
  type: ClusterIP
  port: 3310

4. Health Checks

Add probes to ensure reliability:

  • Readiness Probe

    • Verify ClamAV daemon is ready (TCP check on port 3310)

  • Liveness Probe

    • Ensure container is running and responsive

5. Configuration Management

  • Allow environment variable configuration via values.yaml
  • Support optional tuning (e.g., update frequency)

6. Resource Management

  • Ensure sufficient memory allocation (ClamAV is resource-intensive)
  • Prevent OOMKilled issues via proper limits

7. Integration Readiness

  • Ensure compatibility with:

    • Rspamd (antivirus scanning)

  • Keep chart loosely coupled (no hard dependency)

8. Testing

  • Add Helm test hook to:

    • Verify ClamAV service is reachable on port 3310
    • Validate daemon startup

9. Documentation

Create README.md including:

  • Installation instructions
  • Resource requirements
  • Configuration options
  • Integration notes with Rspamd

📦 Deliverables

  • Complete clamav Helm subchart
  • Configurable values.yaml
  • Templates (Deployment/StatefulSet, Service, PVC)
  • Documentation

✅ Acceptance Criteria

  • ClamAV deploys successfully via Helm
  • Virus database persists across restarts
  • Service is accessible internally
  • Resource usage is configurable
  • Chart integrates cleanly with the umbrella chart

⚠️ Notes

  • ClamAV is memory-intensive; ensure adequate resource allocation.
  • Initial startup may be slow due to database download.
  • Avoid tight coupling with other services at this stage.

Metadata

Metadata

Assignees

Labels

ImprovementThe functionality is working but can be improved.enhancementNew feature or request

Type

Task

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions