From 6cf1db1ef6f91b70f483192002aa0ba9fa788644 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Mon, 10 Apr 2023 16:56:56 +0200
Subject: [PATCH] add more test images
---
 generic/alpine-sleep.yaml | 4 ++--
 generic/sysctl-priv.yaml | 29 +++++++++++++++++++++++++++++
 generic/wireguard-pod.yaml | 16 ++++++++++++++++
 3 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 generic/sysctl-priv.yaml
 create mode 100644 generic/wireguard-pod.yaml
diff --git a/generic/alpine-sleep.yaml b/generic/alpine-sleep.yaml
index 2aab04e..20e6191 100644
--- a/generic/alpine-sleep.yaml
+++ b/generic/alpine-sleep.yaml
@@ -1,11 +1,11 @@
 apiVersion: v1
 kind: Pod
 metadata:
- name: alpine-sleep
+ name: alpine-sleep4
 spec:
 containers:
 - name: alpine
- image: alpine:3.15
+ image: alpine:3.17
 args:
 - sleep
 - "1000000"
diff --git a/generic/sysctl-priv.yaml b/generic/sysctl-priv.yaml
new file mode 100644
index 0000000..789461f
--- /dev/null
+++ b/generic/sysctl-priv.yaml
@@ -0,0 +1,29 @@
+# Fun fact of this pod:
+# Using below sysctl fails due to SysctlForbidden
+# However using privileged: true allows to set the forwarding
+apiVersion: v1
+kind: Pod
+metadata:
+ name: sysctl-priv
+spec:
+ containers:
+ - name: bird
+ image: "ungleich/bird:3.17-2.0.10"
+ securityContext:
+ privileged: true
+ command:
+ - /bin/sh
+ - -c
+ - "sleep 100000"
+ securityContext:
+ sysctls:
+ # - name: "net.ipv4.conf.all.rp_filter"
+ # value: "0"
+ # - name: "net.ipv4.conf.default.rp_filter"
+ # value: "0"
+ # - name: "net.ipv6.conf.all.forwarding"
+ # value: "1"
+ # - name: "net.ipv6.conf.default.forwarding"
+ # value: "1"
+ # - name: "net.ipv4.ip_forward"
+ # value: "1"
diff --git a/generic/wireguard-pod.yaml b/generic/wireguard-pod.yaml
new file mode 100644
index 0000000..2dc8bb1
--- /dev/null
+++ b/generic/wireguard-pod.yaml
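Review bot: In generic/sysctl-priv.yaml the `bird` container sets `privileged: true` only to get past SysctlForbidden, which gives the container every capability and host device access rather than the few net.* sysctls the comments list. A narrower route is to allow those names on the node with the kubelet's `--allowed-unsafe-sysctls` and set them under the pod-level `securityContext.sysctls`, leaving `privileged` off. If the privileged variant is kept as a test case, the header comment should say so, e.g. `# Test only: privileged removes container isolation; do not deploy on shared clusters`. With every entry commented out, `sysctls:` is an empty (null) value; `sysctls: []` or commenting the key out as well would be clearer. Indentation is not visible in this rendering, so the second `securityContext` is assumed to sit at pod level.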
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: wireguard-test-pod
+spec:
+ containers:
+ - name: wireguard
+ image: ungleich/ungleich-wireguard:0.0.7
+ command:
+ - sleep
+ - "1000000"
+ securityContext:
+ capabilities:
+ # NET_ADMIN for wg
+ # NET_RAW for iptables
+ add: ["NET_ADMIN", "NET_RAW" ]
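Review bot: The `capabilities` block in generic/wireguard-pod.yaml adds NET_ADMIN and NET_RAW but drops nothing, so the container also keeps the runtime's default capability set. If wg and iptables need only the two named capabilities, `drop: ["ALL"]` next to the `add:` line plus `allowPrivilegeEscalation: false` in the same `securityContext` would limit the pod to what the comments document. The flow list also has a stray space before the closing bracket; `add: ["NET_ADMIN", "NET_RAW"]` reads cleaner.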