github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/tools/hack/demo2023/demoapp.yaml

github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/tools/hack/demo2023/demoapp.yaml (about)

     1  apiVersion: apps/v1
     2  kind: Deployment
     3  metadata:
     4    name: app
     5    namespace: app
     6    labels:
     7      app: app
     8  spec:
     9    replicas: 1
    10    selector:
    11      matchLabels:
    12        app: app
    13    template:
    14      metadata:
    15        labels:
    16          app: app
    17        annotations:
    18          container.apparmor.security.beta.kubernetes.io/nginx: localhost/k8s-apparmor-example-allow-write
    19      spec:
    20        containers:
    21          - name: app
    22            image: nginx
    23            securityContext:
    24              runAsNonRoot: true
    25              runAsGroup: 1000
    26              runAsUser: 1001
    27              seLinuxOptions:
    28                  level: "s0:c123,c456"
    29              readOnlyRootFilesystem: true
    30              allowPrivilegeEscalation: false
    31              seccompProfile:
    32                localhostProfile: profiles/nginx.json
    33                type: Localhost
    34              capabilities:
    35                drop:
    36                  - all
    37                add:
    38                  - "..."