From 60b795254966862330d0cf6a3edab44a17a35fa6 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Sat, 11 Feb 2023 20:16:17 +0100 Subject: [PATCH] Add examples for host network --- generic/alpine-sleep-hostnetwork-netperm.yaml | 17 +++++++++++++ generic/alpine-sleep-hostnetwork.yaml | 12 ++++++++++ generic/alpine-sleep-netperm.yaml | 24 +++++++++++++++++++ 3 files changed, 53 insertions(+) create mode 100644 generic/alpine-sleep-hostnetwork-netperm.yaml create mode 100644 generic/alpine-sleep-hostnetwork.yaml create mode 100644 generic/alpine-sleep-netperm.yaml diff --git a/generic/alpine-sleep-hostnetwork-netperm.yaml b/generic/alpine-sleep-hostnetwork-netperm.yaml new file mode 100644 index 0000000..5623c25 --- /dev/null +++ b/generic/alpine-sleep-hostnetwork-netperm.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Pod +metadata: + name: alpine-sleep-hostnetwork-netperm +spec: + hostNetwork: true + containers: + - name: alpine + image: alpine:3.15 + args: + - sleep + - "1000000" + securityContext: + capabilities: + # NET_ADMIN for wg + # NET_RAW for iptables + add: ["NET_ADMIN", "NET_RAW" ] diff --git a/generic/alpine-sleep-hostnetwork.yaml b/generic/alpine-sleep-hostnetwork.yaml new file mode 100644 index 0000000..8275b9f --- /dev/null +++ b/generic/alpine-sleep-hostnetwork.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Pod +metadata: + name: alpine-sleep-hostnetwork +spec: + hostNetwork: true + containers: + - name: alpine + image: alpine:3.15 + args: + - sleep + - "1000000" diff --git a/generic/alpine-sleep-netperm.yaml b/generic/alpine-sleep-netperm.yaml new file mode 100644 index 0000000..e6c948e --- /dev/null +++ b/generic/alpine-sleep-netperm.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Pod +metadata: + name: alpine-sleep-netperm +spec: + securityContext: + sysctls: + - name: net.ipv6.conf.all.forwarding + value: "1" + containers: + - name: alpine + image: alpine:3.15 + args: + - sleep + - "1000000" + securityContext: + capabilities: + # NET_ADMIN for wg + # NET_RAW for iptables + add: ["NET_ADMIN", "NET_RAW" ] + +# [12:31] nb3:generic% kubectl get pods -n testnico -w +# NAME READY STATUS RESTARTS AGE +# alpine-sleep-netperm 0/1 SysctlForbidden 0 49s