spec:
containers:
- name: buildroot
image: registry.pyrocufflink.blue/buildroot
command:
- sleep
- infinity
securityContext:
readOnlyRootFilesystem: true
runAsUser: 1000