apiVersion: v1
kind: Pod
metadata:
  name: wireguard-test-pod
spec:
  containers:
  - name: wireguard
    image: ungleich/ungleich-wireguard:0.0.7
    command:
    - sleep
    - "1000000"
    securityContext:
      capabilities:
        # NET_ADMIN for wg
        # NET_RAW for iptables
        add: ["NET_ADMIN", "NET_RAW" ]