--- apiVersion: v1 kind: Namespace metadata: name: my-privileged-namespace labels: pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce-version: latest --- apiVersion: v1 kind: Pod metadata: name: disk-wipe-talos-node-2 namespace: my-privileged-namespace spec: restartPolicy: Never nodeName: talos-node-2 containers: - name: disk-wipe image: rook/ceph:v1.10.8 securityContext: privileged: true command: [ "/bin/sh", "-c", "sgdisk --zap-all /dev/nvme0n1", "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1", "blkdiscard /dev/nvme0n1", "partprobe /dev/nvme0n1", ] volumeMounts: - mountPath: /dev name: dev securityContext: runAsUser: 0 runAsGroup: 0 volumes: - name: dev hostPath: path: /dev --- apiVersion: v1 kind: Pod metadata: name: disk-wipe-talos-node-3 namespace: my-privileged-namespace spec: restartPolicy: Never nodeName: talos-node-3 containers: - name: disk-wipe image: rook/ceph:v1.10.8 securityContext: privileged: true command: [ "/bin/sh", "-c", "sgdisk --zap-all /dev/nvme0n1", "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1", "blkdiscard /dev/nvme0n1", "partprobe /dev/nvme0n1", ] volumeMounts: - mountPath: /dev name: dev securityContext: runAsUser: 0 runAsGroup: 0 volumes: - name: dev hostPath: path: /dev --- apiVersion: v1 kind: Pod metadata: name: disk-wipe-talos-node-4 namespace: my-privileged-namespace spec: restartPolicy: Never nodeName: talos-node-4 containers: - name: disk-wipe image: rook/ceph:v1.10.8 securityContext: privileged: true command: [ "/bin/sh", "-c", "sgdisk --zap-all /dev/nvme0n1", "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1", "blkdiscard /dev/nvme0n1", "partprobe /dev/nvme0n1", ] volumeMounts: - mountPath: /dev name: dev securityContext: runAsUser: 0 runAsGroup: 0 volumes: - name: dev hostPath: path: /dev