29 lines
553 B
YAML
29 lines
553 B
YAML
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: pod-secure
|
|
namespace: default
|
|
spec:
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
automountServiceAccountToken: false
|
|
containers:
|
|
- name: app
|
|
image: nginx:1.25.3
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|