apiVersion: v1
kind: Pod
metadata:
  name: test3
  namespace: policy-test
  labels:
    app: test
    owner: jimmy
    env: dev
    billing: lob-cc
spec:
  containers:
    - name: test
      image: public.ecr.aws/r2l1x4g2/go-http-server:v0.1.0-23ffe0a715
      imagePullPolicy: IfNotPresent
      securityContext:  
        allowPrivilegeEscalation: true  
        runAsUser: 1000  
        readOnlyRootFilesystem: false
        runAsNonRoot: false
        capabilities:
          drop: ["ALL"]  
        seccompProfile:
          type: "RuntimeDefault"
      ports:
      - containerPort: 8080
      resources:  
        limits:  
          cpu: 200m  
          memory: 20Mi  
        requests:  
          cpu: 100m  
          memory: 10Mi  
      readinessProbe:
        tcpSocket:
          port: 8080
        initialDelaySeconds: 5
        periodSeconds: 10
      livenessProbe:
        tcpSocket:
          port: 8080
        initialDelaySeconds: 15
        periodSeconds: 20
      volumeMounts:
        - mountPath: /tmp
          name: tmp
  volumes:
  - name: tmp
    emptyDir: {}