spec:
  securityContext:
    fsGroup: 1000
  containers:
  - name: buildroot
    image: git.pyrocufflink.net/containerimages/buildroot
    command:
    - sleep
    - infinity
    volumeMounts:
    - name: tmp
      mountPath: /tmp
    securityContext:
      readOnlyRootFilesystem: true
      runAsUser: 1000
  volumes:
  - name: tmp
    emptyDir:
      medium: Memory
      sizeLimit: 100Mi