apiVersion: v1
kind: Pod
metadata:
  name: badpod02
  namespace: staging-ns
spec:
  containers:
  - name: container01
    image: busybox:1.28
    securityContext:
      allowPrivilegeEscalation: false
      runAsNonRoot: true
      seccompProfile:
        type: RuntimeDefault
      capabilities:
        add:
        - SYS_ADMIN
        drop:
        - ALL