github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/tools/hack/demo2023/demoapp.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 name: app 5 namespace: app 6 labels: 7 app: app 8 spec: 9 replicas: 1 10 selector: 11 matchLabels: 12 app: app 13 template: 14 metadata: 15 labels: 16 app: app 17 annotations: 18 container.apparmor.security.beta.kubernetes.io/nginx: localhost/k8s-apparmor-example-allow-write 19 spec: 20 containers: 21 - name: app 22 image: nginx 23 securityContext: 24 runAsNonRoot: true 25 runAsGroup: 1000 26 runAsUser: 1001 27 seLinuxOptions: 28 level: "s0:c123,c456" 29 readOnlyRootFilesystem: true 30 allowPrivilegeEscalation: false 31 seccompProfile: 32 localhostProfile: profiles/nginx.json 33 type: Localhost 34 capabilities: 35 drop: 36 - all 37 add: 38 - "..."