apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-deny
spec:
  replicas: 3
  selector:
    matchLabels:
      app: hello-kubernetes
  template:
    metadata:
      labels:
        app: hello-kubernetes
    spec:
      containers:
      - name: hello-kubernetes
        image: hello-kubernetes:1.5
        ports:
        - containerPort: 8080
      volumeMounts:
      - mountPath: /test-pd
        name: test-volume
      volumes:
      - name: test-volume
        hostPath:
          path: /var/run/docker.sock
      securityContext:
        sysctls:
        - name: foo
