apiVersion: apps/v1
kind: Deployment
metadata:
  name: apache-demo
  namespace: secure
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apache-demo
  template:
    metadata:
      labels:
        app: apache-demo
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: apache-demo
        image: pub.msandor.hu/msandor/apache-demo:latest
        ports:
        - containerPort: 8080
          protocol: TCP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
      restartPolicy: Always