apiVersion: v1
kind: Pod
metadata:
  name: good-pod-1
  namespace: default
spec:
  containers:
  - name: nginx1
    image: nginx
    args:
    - sleep
    - 1d
    securityContext:
      seccompProfile:
        type: RuntimeDefault
      runAsNonRoot: true
      runAsUser: 1
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
  initContainers:
  - name: nginx2
    image: nginx
    args:
    - sleep
    - 1d
    securityContext:
      seccompProfile:
        type: RuntimeDefault
      runAsNonRoot: true
      runAsUser: 1000
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL