apiVersion: apps/v1
kind: Deployment
metadata:
  name: odm-lab-odm-decisioncenter
spec:
  template:
    spec:
      automountServiceAccountToken: false
      # Pod-level settings (keep these)
      securityContext:
        runAsUser: 1001
        runAsGroup: 1001
        supplementalGroups: [1001]

      # NEW: Explicitly inject into the Main Container
      containers:
      - name: odm-decisioncenter
        securityContext:
          seccompProfile:
            type: RuntimeDefault

      # NEW: Explicitly inject into the Init Containers
      initContainers:
      - name: init-folder-readonlyfs
        securityContext:
          seccompProfile:
            type: RuntimeDefault