# Once pod is running: # kubectl -n NAME-SPACE-TO-TEST exec -it pod/POD_NAME /bin/sh apiVersion: apps/v1 kind: Deployment metadata: name: podman labels: app: podman spec: replicas: 1 selector: matchLabels: app: podman template: metadata: labels: app: podman # can be removed once the podman upstream AppArmor profile is fixed / allows mount syscall annotations: container.apparmor.security.beta.kubernetes.io/podman: unconfined spec: containers: - name: podman image: public.ecr.aws/zero-downtime/jenkins-podman:latest command: - podman args: - "system" - "info" resources: limits: github.com/fuse: 1