Optional: Disable PSA
k label ns default pod-security.kubernetes.io/enforce=privileged
k label ns default pod-security.kubernetes.io/audit=privileged # optional
k label ns default pod-security.kubernetes.io/warn=privileged # optional
Start tshoot
pod:
echo '
---
apiVersion: v1
kind: Pod
metadata:
name: netshoot
namespace: default
spec:
containers:
- name: netshoot
image: nicolaka/netshoot
command: ["/bin/sh","-ec","sleep 9999999999d"]
volumeMounts:
- mountPath: /host
name: host-root
securityContext:
privileged: true
dnsPolicy: ClusterFirst
hostIPC: true
hostNetwork: true
hostPID: true
tolerations:
- operator: Exists
volumes:
- hostPath:
path: /
name: host-root
' | k apply -f-
Access the tshoot
pod:
k exec -it -n default tshoot -- /bin/bash
# "Access" host filesystem in a "native" way:
chroot /host