apiVersion: v1
kind: Pod
metadata:
  name: alpine-sleep-hostnetwork-netperm
spec:
  hostNetwork: true
  containers:
  - name: alpine
    image: alpine:3.15
    args:
    - sleep
    - "1000000"
    securityContext:
      capabilities:
        # NET_ADMIN for wg
        # NET_RAW for iptables
        add: ["NET_ADMIN", "NET_RAW" ]