About Me

My photo
I am an MCSE in Data Management and Analytics, specializing in MS SQL Server, and an MCP in Azure. With over 19+ years of experience in the IT industry, I bring expertise in data management, Azure Cloud, Data Center Migration, Infrastructure Architecture planning, as well as Virtualization and automation. I have a deep passion for driving innovation through infrastructure automation, particularly using Terraform for efficient provisioning. If you're looking for guidance on automating your infrastructure or have questions about Azure, SQL Server, or cloud migration, feel free to reach out. I often write to capture my own experiences and insights for future reference, but I hope that sharing these experiences through my blog will help others on their journey as well. Thank you for reading!

Clamav deployments using Helm chart in private AKS Cluster

ClamAV is an open-source antivirus software toolkit that is commonly used to scan files for malware. Deploying ClamAV on Azure Kubernetes Service (AKS) using Helm charts is a way to automate the process of installing and configuring ClamAV on a Kubernetes cluster.

A Helm chart is a package of pre-configured Kubernetes resources that can be easily installed and managed using the Helm command-line tool. The chart for ClamAV can be found in the official Helm chart repository and can be installed using the helm install command.

Step 1:- Download the latest version of the ClamAV image from the Docker Hub repository.

admina@mymgmtvm:~$ sudo docker pull clamav/clamav:latest

latest: Pulling from clamav/clamav

c158987b0551: Pull complete

68331520d622: Pull complete

Digest: sha256:314c46478306f1bbf3216e2a8ca4b3cb87ba5dd1e14fe4d43f0e3d13712a4af1

Status: Downloaded newer image for clamav/clamav:latest

docker.io/clamav/clamav:latest

Explanation: -

The command sudo docker pull clamav/clamav:latest is used to download the latest version of the ClamAV image from the Docker Hub repository.

Here is an overview of the command's components:

sudo: This command runs the following command with superuser (root) permissions. This is necessary in this case because the docker command requires permissions to access the Docker daemon.

docker pull: This command is used to download an image from a container registry, in this case, it's used to download the ClamAV image from the Docker Hub.

clamav/clamav: This is the name of the repository for the ClamAV image on the Docker Hub. The repository is named "clamav" and the image is named "clamav" as well.

latest: This is the tag of the image that you want to download. The latest tag refers to the most recent version of the image. If you want to download a specific version of the image, you can replace "latest" with the version number you want.

The command will pull the image from Docker Hub to your local machine so that you can run it using docker run command. It's worth noting that you need to have Docker installed on your machine and the machine should be able to connect to the internet, otherwise this command will fail.

Also, if you don't need root access to use the Docker daemon, you don't need to use the 'sudo' command, you can use the command as regular user with enough privileges to run the docker command. 

Step 2:- List the images that are currently present on the local machine.

admina@mymgmtvm:~$ sudo docker images

REPOSITORY      TAG       IMAGE ID       CREATED       SIZE

clamav/clamav   latest    1dc874f07607   6 weeks ago   455MB

Explanation: - 

The command sudo docker images is used to list the images that are currently present on the local machine.

docker images command shows all the images that are locally stored on your system.

Here is an overview of the command's components:

docker images: This command is used to list the images that are currently present on the local machine. The command shows the repository name, the tag of the image and the image ID, and the created date.

It's worth noting that sudo is needed only if you are not running the command as a user that has the necessary permissions to access the Docker daemon. If your user doesn't have the right permissions you might get a "Permission denied" error.

You can also use the docker image ls command as an alternative, which will give you the same result.

You can also use various options with the docker images command such as -a which lists all images including the ones that are not currently being used, -f which allows you to filter the images by name, label and other parameters.

docker images shows the list of the images that were previously pulled to your system and you can use them to create containers, it's a useful command to keep track of your local images, their versions and size.

Step 3:- create a new tag for an image in the local image repository and also associate it with a specific container registry.

admina@mymgmtvm:~$ sudo az acr login --name acrwpaws2dv

[sudo] password for admina:

Login Succeeded

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 4:- create a new tag for an image in the local image repository and also associate it with a specific container registry.

create a new tag for an image in the local image repository and also associate it with a specific container registry.

$ sudo docker tag clamav/clamav:latest acrwpaws2dv.azurecr.io/clamav/clamav:latest

Explanation: - 

The command sudo docker tag clamav/clamav:latest acrwpaws2dv.azurecr.io/clamav/clamav:latest is used to create a new tag for an image in the local image repository and also associate it with a specific container registry.

Here is an overview of the command's components:

docker tag: This command is used to create a new tag for an image.

clamav/clamav:latest: This is the name and tag of the image that you want to create a new tag for. The repository is named "clamav" and the image is named "clamav" as well, ":latest" is the tag of the image you have downloaded or built.

acrwpaws2dv.azurecr.io/clamav/clamav:latest: This is the new name and tag you are creating for the image, it's also associated with the container registry acrwpaws2dv.azurecr.io, it also includes the name of the repository which will be "clamav" and the name of the image which is "clamav" and the tag "latest"

This command allows you to create a new name, and also associate it with a specific container registry, the new name can be used to refer to the image in that registry and use it to push or pull the image to that registry.

It's worth noting that, you must have the image already pulled to your local system, and the image should be present in the local image repository before you can create a new tag for it. Also, you don't need sudo if you don't need root access to use the Docker daemon.

You can also use the docker image tag command as an alternative, which will give you the same result.

Also, you need to make sure that you are authenticated to the ACR specified before you push the image, use the az acr login command to log in to the registry.

admina@mymgmtvm:~$ sudo docker login acrwpaws2dv.azurecr.io

Username: acrwpaws2dv

Password:

WARNING! Your password will be stored unencrypted in /home/admina/.docker/config.json.

Configure a credential helper to remove this warning. See

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

admina@mymgmtvm:~$ sudo docker push acrwpaws2dv.azurecr.io/clamav/clamav:latest

The push refers to repository [acrwpaws2dv.azurecr.io/clamav/clamav]

60bf95a1a393: Pushed

f9606497addf: Pushed

71202d8b973b: Pushed

8fafadb26503: Pushed

126813a01b7b: Pushed

ded7a220bb05: Pushed

latest: digest: sha256:314c46478306f1bbf3216e2a8ca4b3cb87ba5dd1e14fe4d43f0e3d13712a4af1 size: 1579

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 5 : Add the "stable" chart repository to your local Helm client.

 admina@mymgmtvm:~$ helm repo add stable https://charts.helm.sh/stable

"stable" has been added to your repositories

Explanation of above command: -

The command helm repo add stable https://charts.helm.sh/stable is used to add the "stable" chart repository to your local Helm client.

When you run this command, Helm connects to the specified URL (https://charts.helm.sh/stable) and downloads the index file for the repository. 

This index file contains a list of all the charts available in the repository, along with their versions and descriptions. After downloading the index file, Helm adds the repository to its local configuration, so you can then search and install charts from it.

Here's an overview of the command's components:

helm repo add: This command adds a new chart repository to the local Helm client.

stable: This is the name of the repository. It can be any name you choose, but it's common to use the name of the repository as the chart maintainer.

https://charts.helm.sh/stable: This is the URL for the chart repository. This is the location where the index file for the repository can be found.

By default, the stable chart repository contains a set of curated and well-maintained charts that are suitable for production use. The charts in the stable repository have passed a thorough review process and are considered production-ready. Adding the stable repository allows you to easily find and install charts that have been verified to work well together and have been thoroughly tested.

It is also worth to note that other chart repositories are available and could be used, like the bitnami chart repository or the incubator chart repository. You could use these repos to search for other versions of the chart.

As a best practice, it's always a good idea to double-check the chart's source, version and its compatibility with your Kubernetes cluster before installing it.

Step 6: update the local chart repository index files on your local Helm client.

admina@mymgmtvm:~$ helm repo update

output:-

Hang tight while we grab the latest from your chart repositories...

...Successfully got an update from the "ingress-nginx" chart repository

...Successfully got an update from the "stable" chart repository

Update Complete. ⎈Happy Helming!⎈

explanation of helm repo update:-

The helm repo update command is used to update the local chart repository index files on your local Helm client.

When you run helm repo update, Helm connects to each chart repository that you have added to your local configuration and downloads the latest index file for each repository. This index file contains information about all of the charts available in the repository, including their names, versions, and descriptions. Updating the index file ensures that you have the latest information about the charts available in the repository, so you can find and install the latest versions of the charts.

You can also update a specific repository by providing the repository's name:

--->helm repo update stable

This command updates the stable repository.

The command can be useful when you want to make sure you have the latest version of a chart before installing it. You can also use it to update the information about available charts in case a new chart is added to a repository, or if there is an update on the chart's version.

It's also worth noting that, you can set the update to happen automatically, by adding auto-update: true to the repositories.yaml file.


Keep in mind that this command is only updating the local copy of the repository, it does not update the chart or the deployed instances in your cluster. If you want to update the chart itself and deployed instances you need to run helm upgrade command.


Step 6A: sudo helm pull stable/clamav --untar

Step 6B :  cd clamav

Step 6C :$ nano values.yaml

   enable ingress to true in the values.ayml file  which is under folder clamAV

Step 7:- Generate a unique release name for the installation, so you don't have to come up with a name yourself.

$ helm install --generate-name stable/clamav --set image.repository=acrwpaws2dv.azurecr.io/clamav/clamav:latest

output:-

WARNING: This chart is deprecated

NAME: clamav-1673405645

LAST DEPLOYED: Wed Jan 11 02:54:07 2023

NAMESPACE: default

STATUS: deployed

REVISION: 1

TEST SUITE: None

NOTES:

1. Get the application URL by running these commands:

  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=clamav,app.kubernetes.io/instance=clamav-1673405645" -o jsonpath="{.items[0].metadata.name}")

  echo "Visit http://127.0.0.1:8080 to use your application"

  kubectl port-forward $POD_NAME 8080:80

Explanation:-

The command helm install --generate-name stable/clamav --set image.repository=clamav/clamav is used to install the ClamAV chart from the stable repository and set the image repository to clamav/clamav. The command will generate a unique release name for the installation, so you don't have to come up with a name yourself.

Here's an overview of the command's components:

helm install: This command is used to install a Helm chart in a Kubernetes cluster. It creates all the necessary resources to run the chart, such as pods, services, and config maps.

--generate-name: This flag tells Helm to generate a unique release name for the installation, instead of requiring you to specify one. This allows you to easily keep track of different releases, especially when you have multiple instances of the same chart running in your cluster.

stable/clamav: This is the name of the chart that you want to install. stable is the name of the chart repository that the chart is located in, and clamav is the name of the chart.

--set: This flag is used to set the values for specific chart options, you can use this flag multiple times to set different options.

image.repository=clamav/clamav: This is the value that is passed to the --set flag. It sets the image repository to clamav/clamav which is the location of the ClamAV image in the Docker hub. By default, the chart might use other image repository, but in this case we are explicitly setting it to be this image.


Once the command is executed successfully, you can use helm list command to see the status of the chart and release name generated by Helm.

It's important to note that this command assumes that you have added the stable repository by running helm repo add stable https://charts.helm.sh/stable before running this command, otherwise it will raise an error saying that the stable repository is not found. Also make sure that you are connected to the correct kubernetes cluster and have the necessary permissions to deploy charts in it.

Step 8: Verify  pods and service is up

Now pod and server is up.

admina@mymgmtvm:~$ kubectl get pods

NAME                                   READY   STATUS    RESTARTS   AGE

clamav-1673416768-6558dc75f-d62z9      1/1     Running   0          3d22h

~~~~~~~

 name: clamav

        ports:

        - containerPort: 3310

          name: clamavport

          protocol: TCP

explanation:- 

This is a configuration for a Kubernetes Pod  that specifies a container running inside the pod, and the ports on which the container listens for incoming connections. 

The container is named "clamav" and it listens on port 3310, using the TCP protocol. 

The containerPort is the port on which the container is listening, while the name "clamavport" is a human-readable name for the port. This configuration is usually part of a larger configuration file such as a YAML file, that is used to create or update a pod or a deployment on a Kubernetes cluster.

C:\Users\admina>kubectl port-forward pod/clamav-1673416768-6558dc75f-d62z9 80:clamavport

Forwarding from 127.0.0.1:3310 -> 80

Forwarding from [::1]:3310 -> 80

This command kubectl port-forward pod/clamav-1673416768-6558dc75f-d62z9 80:clamavport forwards traffic from the port 80 of your local machine to the container port clamavport of the pod named clamav-1673416768-6558dc75f-d62z9 in Kubernetes. 

This allows you to access the services running inside the pod on your local machine through the forwarded port. The pod/ prefix is used to indicate that the resource being port-forwarded is a pod. This command requires that you have a running kubectl and a connection to a Kubernetes cluster.

It's important to note that in this case clamavport is a port name and not a number, as previously defined in the container configuration.


admina@mymgmtvm:~$ kubectl get services

NAME                TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE

clamav-1673416768   ClusterIP   10.2.0.60    <none>        3310/TCP   3d22h


kubectl port-forward service/clamav-1673416768 80:3310


Step 9 : Create an ingress file:- clamav-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-clamav
  namespace: clv
spec:
  ingressClassName: nginx
  rules:
  - host: demo.clamavdev.in
    http:
      paths:
      - backend:
          service:
            name: myrelease-clamav
            port:
              number: 80
        path: /
        pathType: Prefix



Step 10 : Create an application Gateway

az network application-gateway create --capacity 2 --frontend-port 80 --http-settings-cookie-based-affinity Enabled --http-settings-port 80 --http-settings-protocol Http --location westus2 --name agw-use-wpa-dev --public-ip-address myPublicIp --resource-group RGP-USE-SPOKE-DV --sku Standard_Small --subnet sub-use-agw-dv --vnet-name vnt-use-spoke-dv --priority 100

ensure VNET and subnet has already been created.

update backend target:-



No comments: