spec:
  securityContext:
    fsGroup: 1000
  containers:
  - name: build
    image: docker.io/rust:1.63
    command:
    - sleep
    - infinity
    securityContext:
      readOnlyRootFilesystem: true
      runAsUser: 1000
  - name: podman
    image: quay.io/containers/podman:v3.4
    command:
    - sleep
    - infinity
    securityContext:
      privileged: true