apiVersion: v1
kind: Pod
metadata:
name: ncc-everything-allowed-exec-pod
namespace: login
labels:
app: ncc-pentest
spec:
nodeName: <node_name>
hostNetwork: true
hostPID: true
hostIPC: true
containers:
- name: ncc-everything-allowed-pod
image: <local_image>
securityContext:
privileged: true
allowPrivilegeEscalation: true
runAsUser: 0
runAsGroup: 0
volumeMounts:
- mountPath: /host
name: noderoot
command: [ "/bin/sh", "-c", "--" ]
args: [ "while true; do sleep 30; done;" ]
volumes:
- name: noderoot
hostPath:
path: /