apiVersion: v1
kind: Pod
metadata:
  name: test
  labels:
    app: test
  namespace: test
spec:
  hostNetwork: true
  containers:
  - name: test
    image: GOOD_REGISTRY/read-only-container:v0.0.1
    ports:
    - containerPort: 8080
      hostPort: 8080
    securityContext:  
      allowPrivilegeEscalation: false  
      runAsUser: 1000
      readOnlyRootFilesystem: true