kyverno/test/conformance/chainsaw/exceptions/exclude-restricted-capabilities/pod-allowed-1.yaml

apiVersion: v1
kind: Pod
metadata:
  name: good-pod-1
  namespace: default
spec:
  containers:
  - name: nginx1
    image: nginx
    args:
    - sleep
    - 1d
    securityContext:
      seccompProfile:
        type: RuntimeDefault
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
        add:
        - NET_BIND_SERVICE
  initContainers:
  - name: nginx2
    image: nginx
    args:
    - sleep
    - 1d
    securityContext:
      seccompProfile:
        type: RuntimeDefault
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL