kuberneteskubectlclamav

How can I use ClamAV in Kubernetes to scan another pod?


I am using this k8s deployment. And this tutorial for the deployment. I can now scan the /host file. But I don't know how I could scan another pod. How would I give the rights to the k8s deployment to access another pod and how would I then get the filesystem to scan it?


Solution

  • Those examples are both showing how to scan the host OS, which kind of includes everything running. If you want to scan containers in particular you would probably use something totally different, like an image policy webhook and some custom glue code. If you mean something more like you have a service that accepts user uploads and you want to scan those, you would probably integrate ClamAV directly into the app as a sidecar and your app would talk to the daemon (or just run clamscan itself on demand maybe).