polaris/test/checks/insecureCapabilities/success.pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  securityContext:
    capabilities:
      drop:
  containers:
  - name: nginx
    image: nginx
    securityContext:
      capabilities:
        drop:
          - NET_ADMIN
          - CHOWN
          - DAC_OVERRIDE
          - FSETID
          - FOWNER
          - MKNOD
          - NET_RAW
          - SETGID
          - SETUID
          - SETFCAP
          - SETPCAP
          - NET_BIND_SERVICE
          - SYS_CHROOT
          - KILL
          - AUDIT_WRITE