Move qb to its own namespace for NET_ADMIN.

kubernetes/apps/qbittorrent/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Flux-Kustomizations
+  - ./qbittorrent/ks.yaml

kubernetes/apps/qbittorrent/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: qbittorrent
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled

kubernetes/apps/qbittorrent/qbittorrent/app/externalsecret.yaml

@@ -4,6 +4,7 @@ apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
   name: qbittorrent
+  namespace: qbittorrent
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml

@@ -77,6 +77,8 @@ spec:
                   name: qbittorrent-secret
             securityContext:
               capabilities:
+                drop:
+                  - ALL
                 add:
                   - NET_ADMIN
               allowPrivilegeEscalation: false

kubernetes/apps/qbittorrent/qbittorrent/ks.yaml

@@ -6,12 +6,12 @@ metadata:
   name: &app qbittorrent
   namespace: flux-system
 spec:
-  targetNamespace: default
+  targetNamespace: qbittorrent
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
   interval: 10m
-  path: "./kubernetes/apps/default/qbittorrent/app"
+  path: "./kubernetes/apps/qbittorrent/qbittorrent/app"
   prune: true
   sourceRef:
     kind: GitRepository