From 30877807a1445d38d94b02a8d6ce8564a6febb61 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Sat, 10 Dec 2022 12:40:08 +0100
Subject: [PATCH] update(proxy): use lib42/squid

---
 projects/services/values/proxy.yaml | 45 ++++++++++++++---------------
 1 file changed, 21 insertions(+), 24 deletions(-)

diff --git a/projects/services/values/proxy.yaml b/projects/services/values/proxy.yaml
index c4c53d81..2625b0cf 100644
--- a/projects/services/values/proxy.yaml
+++ b/projects/services/values/proxy.yaml
@@ -5,16 +5,14 @@
 replicaCount: 1
 
 image:
-  repository: honestica/squid
-  tag: 4.71
-  pullPolicy: IfNotPresent
+  repository: lib42/squid
+  tag: latest
+  pullPolicy: Always
   # imagePullSecrets:
 
 service:
   type: ClusterIP
-  #  Specify IP to whitelist if needed
   #loadBalancerSourceRanges: ""
-  # Specify external IP if needed
   #loadBalancerIP: ""
   port: 80
   # annotations: {}
@@ -70,25 +68,10 @@ config: |
   httpd_suppress_version_string on
 
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-releaseAntiAffinity: true
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
 
 metrics:
   enabled: false
@@ -100,3 +83,17 @@ metrics:
       repository: boynux/squid-exporter
       tag: v1.9
       pullPolicy: IfNotPresent
+
+podSecurityContext:
+  runAsUser: 31
+  runAsGroup: 31
+  fsGroup: 31
+
+securityContext:
+  runAsNonRoot: true
+  privileged: false
+  readOnlyRootFilesystem: false
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL