hack/testdata/pod-restricted-runtime-default.yaml - third_party/kubernetes - Git at Google

 apiVersion: v1
 kind: Pod
 metadata:
   labels:
     run: target
   name: target
 spec:
   securityContext:
     seccompProfile:
       type: RuntimeDefault
   containers:
   - image: busybox
     name: target
     command: ["/bin/sh", "-c", "sleep 100"]
     securityContext:
         runAsUser: 1000
         runAsGroup: 1000
         runAsNonRoot: true
         allowPrivilegeEscalation: false
         capabilities:
           drop:
           - "ALL"
	apiVersion: v1
	kind: Pod
	metadata:
	labels:
	run: target
	name: target
	spec:
	securityContext:
	seccompProfile:
	type: RuntimeDefault
	containers:
	- image: busybox
	name: target
	command: ["/bin/sh", "-c", "sleep 100"]
	securityContext:
	runAsUser: 1000
	runAsGroup: 1000
	runAsNonRoot: true
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- "ALL"