From b0c13f2ee724e2959835a45d4e3445c22ac4f0d5 Mon Sep 17 00:00:00 2001 From: Xstar97 Date: Sun, 27 Nov 2022 16:40:19 -0500 Subject: [PATCH] fix(kodi-headless) set rofs to false + default credentials (#4902) * fix(kodi-headless) set perms rootless * rofs false | docs * rar --- charts/stable/kodi-headless/Chart.yaml | 29 +++++----- .../stable/kodi-headless/docs/credentials.md | 4 ++ charts/stable/kodi-headless/questions.yaml | 58 +++++++++---------- charts/stable/kodi-headless/values.yaml | 1 + 4 files changed, 48 insertions(+), 44 deletions(-) create mode 100644 charts/stable/kodi-headless/docs/credentials.md diff --git a/charts/stable/kodi-headless/Chart.yaml b/charts/stable/kodi-headless/Chart.yaml index 0e1328de6c0..b303d633c62 100644 --- a/charts/stable/kodi-headless/Chart.yaml +++ b/charts/stable/kodi-headless/Chart.yaml @@ -1,29 +1,28 @@ apiVersion: v2 -kubeVersion: ">=1.16.0-0" -name: kodi-headless -version: 4.0.1 appVersion: "190" -description: A headless install of kodi in a docker container. -type: application -deprecated: false -home: https://truecharts.org/docs/charts/stable/kodi-headless -icon: https://truecharts.org/img/hotlink-ok/chart-icons/kodi-headless.png -keywords: - - kodi-headless -sources: - - https://github.com/truecharts/charts/tree/master/charts/stable/kodi-headless - - https://hub.docker.com/r/linuxserver/kodi-headless dependencies: - name: common repository: https://library-charts.truecharts.org version: 11.0.3 - # condition: +deprecated: false +description: A headless install of kodi in a docker container. +home: https://truecharts.org/docs/charts/stable/kodi-headless +icon: https://truecharts.org/img/hotlink-ok/chart-icons/kodi-headless.png +keywords: + - kodi-headless +kubeVersion: ">=1.16.0-0" maintainers: - email: info@truecharts.org name: TrueCharts url: https://truecharts.org +name: kodi-headless +sources: + - https://github.com/truecharts/charts/tree/master/charts/stable/kodi-headless + - https://hub.docker.com/r/linuxserver/kodi-headless +type: application +version: 4.0.2 annotations: truecharts.org/catagories: | - - incubator + - media truecharts.org/SCALE-support: "true" truecharts.org/grade: U diff --git a/charts/stable/kodi-headless/docs/credentials.md b/charts/stable/kodi-headless/docs/credentials.md new file mode 100644 index 00000000000..cef4c1f04d0 --- /dev/null +++ b/charts/stable/kodi-headless/docs/credentials.md @@ -0,0 +1,4 @@ +# Default credentials + +- Username: `kodi` +- Password: `kodi` diff --git a/charts/stable/kodi-headless/questions.yaml b/charts/stable/kodi-headless/questions.yaml index 3a6f503e96c..0942a69daf3 100644 --- a/charts/stable/kodi-headless/questions.yaml +++ b/charts/stable/kodi-headless/questions.yaml @@ -11,8 +11,8 @@ questions: # Include{containerConfig} # Include{serviceRoot} - variable: main - label: "Main Service" - description: "The Primary service on which the healthcheck runs, often the webUI" + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI schema: additional_attrs: true type: dict @@ -20,21 +20,21 @@ questions: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main - label: "Main Service Port Configuration" + label: Main Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port - label: "Port" - description: "This port exposes the container port on the service" + label: Port + description: This port exposes the container port on the service schema: type: int default: 10148 required: true - variable: websocket - label: "websocket Service" - description: "The websocket service." + label: websocket Service + description: The websocket service. schema: additional_attrs: true type: dict @@ -42,21 +42,21 @@ questions: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: websocket - label: "websocket Service Port Configuration" + label: websocket Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port - label: "Port" - description: "This port exposes the container port on the service" + label: Port + description: This port exposes the container port on the service schema: type: int default: 10152 required: true - variable: esall - label: "esall Service" - description: "The esall service." + label: esall Service + description: The esall service. schema: additional_attrs: true type: dict @@ -64,14 +64,14 @@ questions: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: esall - label: "esall Service Port Configuration" + label: esall Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port - label: "Port" - description: "This port exposes the container port on the service" + label: Port + description: This port exposes the container port on the service schema: type: int default: 9777 @@ -82,8 +82,8 @@ questions: # Include{serviceList} # Include{persistenceRoot} - variable: config - label: "App Config Storage" - description: "Stores the Application Configuration." + label: App Config Storage + description: Stores the Application Configuration. schema: additional_attrs: true type: dict @@ -92,7 +92,7 @@ questions: # Include{persistenceList} # Include{ingressRoot} - variable: main - label: "Main Ingress" + label: Main Ingress schema: additional_attrs: true type: dict @@ -104,41 +104,41 @@ questions: # Include{security} # Include{securityContextAdvancedRoot} - variable: privileged - label: "Privileged mode" + label: Privileged mode schema: type: boolean default: false - variable: readOnlyRootFilesystem - label: "ReadOnly Root Filesystem" + label: ReadOnly Root Filesystem schema: type: boolean - default: true + default: false - variable: allowPrivilegeEscalation - label: "Allow Privilege Escalation" + label: Allow Privilege Escalation schema: type: boolean default: false - variable: runAsNonRoot - label: "runAsNonRoot" + label: runAsNonRoot schema: type: boolean default: false # Include{podSecurityContextRoot} - variable: runAsUser - label: "runAsUser" - description: "The UserID of the user running the application" + label: runAsUser + description: The UserID of the user running the application schema: type: int default: 0 - variable: runAsGroup - label: "runAsGroup" - description: "The groupID this App of the user running the application" + label: runAsGroup + description: The groupID this App of the user running the application schema: type: int default: 0 - variable: fsGroup - label: "fsGroup" - description: "The group that should own ALL storage." + label: fsGroup + description: The group that should own ALL storage. schema: type: int default: 568 diff --git a/charts/stable/kodi-headless/values.yaml b/charts/stable/kodi-headless/values.yaml index 9208cfea220..6fbf9fce0a2 100644 --- a/charts/stable/kodi-headless/values.yaml +++ b/charts/stable/kodi-headless/values.yaml @@ -4,6 +4,7 @@ image: tag: v190 securityContext: + readOnlyRootFilesystem: false runAsNonRoot: false podSecurityContext: