Improve tutorial manifests

The securityContext parameters should be available into the manifests.
Without it, testing the k8up on the MicroShift environment will raise
warnings:

    Warning: would violate PodSecurity "restricted:latest":
    seccompProfile (pod or container "mariadb" must set
    securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

Also added the registry prefix to the images used in the tutorial, to
avoid complication when the runtime environment would not choose
docker.io as a default registry and removed namespace parameter from
secrets manifests, because other manifests in the tutorial does not have
such parameter (so if someone will use other namespace than 'default',
services/deployments will faile because of missing secrets).

docs/modules/ROOT/examples/tutorial/mariadb/deployment.yaml

@@ -19,8 +19,18 @@ spec:
       annotations:
         k8up.io/backupcommand: /bin/bash -c 'mysqldump -uroot -p"${MARIADB_ROOT_PASSWORD}" --all-databases'
     spec:
+      securityContext:
+        runAsUser: 10002
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       containers:
-      - image: mariadb:10.4
+      - image: docker.io/mariadb:10.4
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
         name: mariadb
         readinessProbe:
           timeoutSeconds: 1

docs/modules/ROOT/examples/tutorial/minio/deployment.yaml

@@ -17,12 +17,22 @@ spec:
       - name: data
         persistentVolumeClaim:
           claimName: minio-pvc
+      securityContext:
+        runAsUser: 10002
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - name: minio
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
         volumeMounts:
         - name: data
           mountPath: "/data"
-        image: minio/minio
+        image: docker.io/minio/minio
         args:
         - server
         - /data

docs/modules/ROOT/examples/tutorial/secrets/backup-repo.yaml

@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: backup-repo
-  namespace: default
 type: Opaque
 stringData:
   password: p@ssw0rd

docs/modules/ROOT/examples/tutorial/secrets/mariadb-pass.yaml

@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mariadb-pass
-  namespace: default
 type: Opaque
 stringData:
   password: ola0thai0eixieCie6Yahcooz3doojee

docs/modules/ROOT/examples/tutorial/secrets/minio-credentials.yaml

@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: minio-credentials
-  namespace: default
 type: Opaque
 stringData:
   username: minio

docs/modules/ROOT/examples/tutorial/wordpress/deployment.yaml

@@ -17,8 +17,18 @@ spec:
         app: wordpress
         tier: frontend
     spec:
+      securityContext:
+        runAsUser: 10002
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       containers:
-      - image: wordpress:5.4-apache
+      - image: docker.io/wordpress:5.4-apache
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
         name: wordpress
         env:
         - name: WORDPRESS_DB_HOST