[...]
 apiVersion: v1
 kind: Pod
 metadata:
   name: hello-world
 spec:
   containers:
   # Specification of the Pod's Containers
   securityContext:
     readOnlyRootFilesystem: true
     runAsNonRoot: true
 [...]