apiVersion : kyverno.io/v1alpha1
kind: Policy
metadata:
  name: policy-security-context
spec:
  rules:
  - name: validate-runAsNonRoot
    match:
      resources:
        kinds:
        - Deployment
        selector :
          matchLabels:
            test: psp
    validate:
      message: "security context 'runAsNonRoot' shoud be set to true"
      pattern:
        spec:
          template:
            spec:
              securityContext:
                runAsNonRoot: true