apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample-deployment
  labels:
    app: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
        - name: app
          env:
            - name: JAVA_TOOL_OPTIONS
              value: -Djava.net.preferIPv4Stack=true
          image: lightruncom/operator-demo-app
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
        # Second container will be not patched, as not mentioned in the custom resource
        - name: non-patched-app
          image: lightruncom/operator-demo-app
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault