apiVersion: apps/v1
kind: Deployment
metadata:
  name: csc-demo-unprivileged
  labels:
    app.type: prod
spec:
  replicas: 1
  selector:
    matchLabels:
      app: psp
  template:
    metadata:
      labels:
        app: psp
    spec:
      containers:
      - name: sec-ctx-unprivileged
        image: nginxinc/nginx-unprivileged
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false