apiVersion: apps/v1
kind: Deployment
metadata:
name: not-important
spec:
template:
containers:
- name: cert-manager-webhook-dnsimple
sysctls:
- name: "net.ipv4.ip_unprivileged_port_start"
value: "0"
securityContext:
capabilities:
drop:
- "ALL"
add:
- "NET_BIND_SERVICE"