From e335e3f7ce852e9d5b9915968b6835f001e317dc Mon Sep 17 00:00:00 2001
From: Fredrik Klingenberg
Date: Mon, 8 May 2023 13:19:13 +0200
Subject: [PATCH] doc: Showcasing a PSS restricred compliant pod

Signed-off-by: Fredrik Klingenberg
---
.../valid-tech-lead-label-restricted.yaml | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 demo-pods/valid-tech-lead-label-restricted.yaml

diff --git a/demo-pods/valid-tech-lead-label-restricted.yaml b/demo-pods/valid-tech-lead-label-restricted.yaml
new file mode 100644
index 0000000..237c283
--- /dev/null
+++ b/demo-pods/valid-tech-lead-label-restricted.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ namespace: demo-pods
+ labels:
+ run: failing-demo
+ tech-lead: "John"
+ name: valid-tech-lead-demo
+spec:
+ securityContext:
+ runAsUser: 3000
+ runAsGroup: 3000
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - image: busybox
+ name: failing-demo
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ command:
+ - sleep
+ - "3600"
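Review bot: `image: busybox` in the container entry has no tag or digest, so the pod runs whatever `busybox:latest` resolves to at pull time; a manifest meant to showcase a hardened pod should pin it, e.g. `image: busybox:<TAG>@sha256:<DIGEST>` (placeholders for a version you have verified). The `run: failing-demo` label and the container `name: failing-demo` look carried over from a failing example and contradict both the file name and `name: valid-tech-lead-demo`; `run: valid-tech-lead-demo` would keep label selectors and demo output unambiguous. The securityContext fields shown appear to cover what the restricted Pod Security Standard checks, though the page has lost the original indentation, so the nesting cannot be confirmed from here. Because the pod only runs `sleep`, `automountServiceAccountToken: false` under `spec` and `readOnlyRootFilesystem: true` in the container securityContext would tighten it further; neither is required by the profile.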