apiVersion: v1
kind: Pod
metadata:
  name: notary-admit-bad
  namespace: test
spec:
  containers:
    - name: test-pod-bad
      image: <IMAGE_URL>
      imagePullPolicy: Always
      securityContext:  
        allowPrivilegeEscalation: false  
        runAsUser: 1000  
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        capabilities:
          drop: ["ALL"]  
        seccompProfile:
          type: "RuntimeDefault"