apiVersion: v1
kind: Pod
metadata:
  name: notary-admit-non-ecr
  namespace: test
spec:
  containers:
    - name: test-pod-gcrio
      image: registry.k8s.io/pause:3.1
      imagePullPolicy: &imagePullPolicy Always
      securityContext:
        allowPrivilegeEscalation: false  
        runAsUser: 1000  
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        capabilities:
          drop: ["ALL"]  
        seccompProfile:
          type: "RuntimeDefault"