34 lines
839 B
YAML
34 lines
839 B
YAML
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: fix-ufw-ds
|
|
namespace: kube-system
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
name: fix-ufw
|
|
template:
|
|
metadata:
|
|
labels:
|
|
name: fix-ufw
|
|
spec:
|
|
hostNetwork: true
|
|
hostPID: true
|
|
containers:
|
|
- name: fix
|
|
image: alpine
|
|
securityContext:
|
|
privileged: true
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- |
|
|
nsenter --target 1 --mount --uts --ipc --net --pid -- sh -c "
|
|
ufw allow from 10.42.0.0/16
|
|
ufw allow from 10.43.0.0/16
|
|
ufw allow from 172.16.0.0/12
|
|
ufw allow from 192.168.0.0/16
|
|
ufw allow from 10.0.0.0/8
|
|
ufw allow proto tcp from any to any port 80,443
|
|
"
|
|
while true; do sleep 3600; done
|