apiVersion: apps/v1
kind: Deployment
metadata:
  name: psp-demo-unprivileged
  labels:
    test: psp
spec:
  replicas: 1
  selector:
    matchLabels:
      test: psp
  template:
    metadata:
      labels:
        test: psp
    spec:
      securityContext:
        runAsNonRoot: true
      containers:
      - name: sec-ctx-unprivileged
        image: nginxinc/nginx-unprivileged