spec:
  containers:
  - name: buildroot
    image: registry.pyrocufflink.blue/buildroot
    command:
    - sleep
    - infinity
    securityContext:
      readOnlyRootFilesystem: true
      runAsUser: 1000