apiVersion: v1
kind: Pod
metadata:
  name: pod-secretsmanager
  annotations:
    seccomp.security.alpha.kubernetes.io/pod: docker/default
    apparmor.security.beta.kubernetes.io/pod: runtime/default
spec:
  securityContext:
    runAsUser:    1337
    runAsNonRoot: true
  containers:
  - name: pod-secretsmanager
    image: paavanmistry/node-aws-sm-demo:latest
    securityContext:
      allowPrivilegeEscalation: false
    env:
      - name: ENDPOINT
        value: "https://secretsmanager.us-west-2.amazonaws.com"
      - name: REGION
        value: "us-west-2"
      - name: SECRETNAME
        value: "sm-demo-secret"
  restartPolicy: Never