---
# DaemonSet that runs one privileged pod per node and uses nsenter to add
# ufw allow rules in the host's own namespaces.
#
# NOTE(review): privileged + hostPID + nsenter into PID 1 amounts to root on
# every node this schedules to. Treat this manifest, the image it pulls and
# any RBAC that can edit DaemonSets in kube-system as node-level trust.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fix-ufw-ds
  namespace: kube-system
spec:
  selector:
    matchLabels:
      name: fix-ufw
  template:
    metadata:
      labels:
        name: fix-ufw
    spec:
      # hostPID exposes the node's PID 1 so that nsenter can target it.
      # NOTE(review): hostNetwork looks redundant here, since nsenter --net
      # already joins PID 1's network namespace; confirm before removing.
      hostNetwork: true
      hostPID: true
      containers:
        - name: fix
          # NOTE(review): no tag or digest, so this resolves to whatever
          # "latest" is at pull time and runs it privileged. Pin it, e.g.
          # alpine@sha256:<digest> (placeholder; take it from your registry).
          image: alpine
          securityContext:
            # Required for nsenter to join the host's namespaces.
            privileged: true
          command:
            - '/bin/sh'
            - '-c'
          # The script enters the mount, UTS, IPC, network and PID namespaces
          # of PID 1 and runs ufw there, so the rules land on the node.
          #
          # Rules added:
          #   - 10.42.0.0/16 and 10.43.0.0/16: presumably the cluster's pod
          #     and service CIDRs (verify against the cluster config).
          #   - 172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8: together, all of
          #     RFC 1918 private space. 10.0.0.0/8 already contains the two
          #     /16 ranges above, which makes them redundant.
          #   - tcp 80,443 from any source to any destination.
          # NOTE(review): "allow from <range>" has no port or protocol limit,
          # so every host service is reachable from any private address.
          # Narrow to the CIDRs and ports the cluster needs if the node sits
          # on a shared network.
          #
          # NOTE(review): there is no "set -e" and no exit-status check, so a
          # failing ufw call (for example ufw missing on the host) is not
          # surfaced; the container goes on to the sleep loop regardless.
          #
          # The trailing loop keeps the container alive after the rules are
          # applied, which leaves a privileged pod resident on each node.
          args:
            - |
              nsenter --target 1 --mount --uts --ipc --net --pid -- sh -c "
              ufw allow from 10.42.0.0/16
              ufw allow from 10.43.0.0/16
              ufw allow from 172.16.0.0/12
              ufw allow from 192.168.0.0/16
              ufw allow from 10.0.0.0/8
              ufw allow proto tcp from any to any port 80,443
              "
              while true; do sleep 3600; done