---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: internal-proxy-deployment
  labels:
    app: internal-proxy
spec:
  selector:
    matchLabels:
      app: internal-proxy
  template:
    metadata:
      labels:
        app: internal-proxy
    spec:
      automountServiceAccountToken: false
      containers:
        - name: internal-api
          image: test-image
          livenessProbe:
            path: /testLivenessProbe
          readinessProbe:
            path: /testReadinessProbe
          resources:
            limits:
              cpu: 30m
              memory: 40Mi
            requests:
              cpu: 30m
              memory: 40Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsUser: 10001
          ports:
            - containerPort: 3000
      securityContext:
        seccompProfile:
          type: RuntimeDefault
...
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
spec:
  podSelector:
    matchLabels:
      app: internal-proxy
  policyTypes:
    - Ingress
  ingress:
    - from:
      - ipBlock:
          cidr: 172.17.0.0/16
...