apiVersion: v1
kind: Pod
metadata:
  name: security-readonlyrootfilesystem
  namespace: default
  labels:
    name: security-readonlyrootfilesystem
spec:
  containers:
  - name: security-readonlyrootfilesystem
    image: nginx
    securityContext:
      readOnlyRootFilesystem: true
    resources:
      limits:
        memory: "64Mi"
        cpu: "100m"
    ports:
      - containerPort: 80