apiVersion: apps/v1
kind: Deployment
metadata:
  name: ubuntu-deployment
  namespace: demo
  labels:
    app: ubuntu-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ubuntu-deployment
  template:
    metadata:
      labels:
        app: ubuntu-deployment
    spec:
      hostname: ubuntu
      subdomain: pod
      securityContext:
        runAsNonRoot: true
        fsGroup: 1002070000
        fsGroupChangePolicy: OnRootMismatch
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: ubuntu-deployment-pod
          image: ubuntu:22.04
          imagePullPolicy: IfNotPresent
          command: ["bash","-lc","sleep infinity"]
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            readOnlyRootFilesystem: false
          resources:
            requests:
              cpu: 200m
              memory: 512Mi
            limits:
              cpu: "1"
              memory: 1Gi
          volumeMounts:
            - name: ubuntu-pod-datadisk-1
              mountPath: /data
      volumes:
        - name: ubuntu-pod-datadisk-1
          persistentVolumeClaim:
            claimName: ubuntu-pod-datadisk-1