---
# DaemonSet that opens host firewall rules on every node it is scheduled to.
# The single container joins the namespaces of host PID 1 with nsenter and
# runs a shell script there, so the ufw / firewall-cmd calls act on the node's
# own firewall, not on anything inside the pod.
#
# NOTE(review): hostPID + privileged + nsenter into PID 1 is root on the node.
# Anyone who can edit this object in kube-system, or who controls the image
# it pulls, gets that access on every node; restrict write access accordingly.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fix-ufw-ds
  namespace: kube-system
spec:
  selector:
    matchLabels:
      name: fix-ufw
  template:
    metadata:
      labels:
        name: fix-ufw
    spec:
      # Share the host PID namespace so that PID 1 below is the node's init.
      hostPID: true
      containers:
        - name: fix
          # NOTE(review): no tag or digest, so this resolves to alpine:latest
          # at pull time. For a privileged workload, pin to a digest
          # (alpine@sha256:<digest>) that has been reviewed.
          image: alpine
          securityContext:
            # Required for nsenter to join the host namespaces.
            privileged: true
          # Enter the mount, UTS, IPC, network and PID namespaces of host
          # PID 1, then hand the script in args to the host's sh.
          command:
            - 'nsenter'
            - '--target'
            - '1'
            - '--mount'
            - '--uts'
            - '--ipc'
            - '--net'
            - '--pid'
            - '--'
            - 'sh'
            - '-c'
          # The script uses ufw when present, otherwise firewalld, then sleeps
          # for an hour. When the container exits, the pod restart policy
          # (Always by default) starts it again and the rules are re-applied.
          #
          # Review points on the rules themselves:
          # - The port rules (8472/udp, 80, 443, 8443, 10250/tcp) carry no
          #   source restriction. 10250/tcp is the default kubelet API port;
          #   confirm it has to be reachable from outside the cluster networks.
          # - `allow from <range>` admits every port from that range.
          #   10.0.0.0/8 already contains 10.42.0.0/16 and 10.43.0.0/16, and
          #   together with 172.16.0.0/12 and 192.168.0.0/16 all of RFC 1918
          #   is admitted; narrow this to the networks actually in use.
          # - 37.60.237.100, 167.86.68.48 and 95.111.235.130 are public
          #   addresses given all-port access; record what they are and why.
          # - firewall-cmd --add-source without --zone binds the source to the
          #   default zone; whether that admits the traffic depends on that
          #   zone's rules, so this branch may not match the ufw branch.
          #   TODO confirm the intended zone.
          # - Command failures are not checked; a node where a rule fails to
          #   apply still reports a running pod.
          args:
            - |
              if command -v ufw >/dev/null; then
                ufw allow 8472/udp
                ufw allow 80/tcp
                ufw allow 443/tcp
                ufw allow 8443/tcp
                ufw allow 10250/tcp
                ufw allow from 10.42.0.0/16
                ufw allow from 10.43.0.0/16
                ufw allow from 172.16.0.0/12
                ufw allow from 192.168.0.0/16
                ufw allow from 10.0.0.0/8
                ufw allow from 37.60.237.100
                ufw allow from 167.86.68.48
                ufw allow from 95.111.235.130
              elif command -v firewall-cmd >/dev/null; then
                firewall-cmd --permanent --add-port=8472/udp
                firewall-cmd --permanent --add-port=80/tcp
                firewall-cmd --permanent --add-port=443/tcp
                firewall-cmd --permanent --add-port=8443/tcp
                firewall-cmd --permanent --add-port=10250/tcp
                firewall-cmd --permanent --add-source=10.42.0.0/16
                firewall-cmd --permanent --add-source=10.43.0.0/16
                firewall-cmd --permanent --add-source=172.16.0.0/12
                firewall-cmd --permanent --add-source=192.168.0.0/16
                firewall-cmd --permanent --add-source=10.0.0.0/8
                firewall-cmd --permanent --add-source=37.60.237.100
                firewall-cmd --permanent --add-source=167.86.68.48
                firewall-cmd --permanent --add-source=95.111.235.130
                firewall-cmd --reload
              fi
              sleep 3600