apiVersion : kyverno.io/v1alpha1
kind: Policy
metadata:
  name: policy-security-context
spec:
  rules:
  - name: set-userID
    resource:
      kinds:
      - Deployment
      selector :
        matchLabels:
          app.type: prod
    mutate:
      overlay:
        spec:
          template:
            spec:
              securityContext:
                runAsNonRoot: true