apiVersion: apps/v1
kind: Deployment
metadata:
  name: not-important
spec:
  template:
    spec:
      containers:
      - name: cert-manager-webhook-dnsimple
        sysctls:
        - name: "net.ipv4.ip_unprivileged_port_start"
          value: "0"
        securityContext:
          capabilities:
            drop:
            - "ALL"
            add:
            - "NET_BIND_SERVICE"