diff --git a/templates/kyverno.yaml b/templates/kyverno.yaml
new file mode 100644
index 0000000..5beda95
--- /dev/null
+++ b/templates/kyverno.yaml
@@ -0,0 +1,38 @@
+apiVersion: kyverno.io/v1
+kind: Policy
+metadata:
+  name: require-run-as-non-root-user
+  namespace: memelord-raiko
+  annotations:
+    policies.kyverno.io/title: Require Run As Non-Root User
+    policies.kyverno.io/category: Pod Security Standards (Restricted)
+    policies.kyverno.io/severity: medium
+    policies.kyverno.io/subject: Pod
+    kyverno.io/kyverno-version: 1.6.0
+    kyverno.io/kubernetes-version: 1.22-1.23
+    policies.kyverno.io/description: Containers must be required to run as non-root users. This policy ensures `runAsUser` is either unset or set to a number greater than zero.
+spec:
+  validationFailureAction: Audit
+  background: true
+  rules:
+    - name: run-as-non-root-user
+      match:
+        any:
+          - resources:
+              kinds:
+                - Pod
+      validate:
+        message: Running as root is not allowed. The fields spec.securityContext.runAsUser, spec.containers[*].securityContext.runAsUser, spec.initContainers[*].securityContext.runAsUser, and spec.ephemeralContainers[*].securityContext.runAsUser must be unset or set to a number greater than zero.
+        pattern:
+          spec:
+            "=(securityContext)":
+              "=(runAsUser)": ">0"
+            "=(ephemeralContainers)":
+              - "=(securityContext)":
+                  "=(runAsUser)": ">0"
+            "=(initContainers)":
+              - "=(securityContext)":
+                  "=(runAsUser)": ">0"
+            containers:
+              - "=(securityContext)":
+                  "=(runAsUser)": ">0"
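Review bot: `validationFailureAction: Audit` means a Pod that sets `runAsUser: 0` is still admitted and only shows up as a PolicyReport entry, so the "must be required" wording in the description annotation overstates what this policy does; once the report is clean for the namespace, switch to `validationFailureAction: Enforce`, or document in the description that the rule is audit-only. Note also that the pattern only constrains `runAsUser` when it is present, so a Pod with no `securityContext` passes even if the image runs as UID 0 by default; if the intent is to block root outright, a companion rule on `runAsNonRoot: true` (as in the upstream Kyverno library's separate policy) is needed. Since the file lives under `templates/`, this looks like a Helm chart, in which case the hard-coded `namespace: memelord-raiko` will not follow the release namespace; `namespace: {{ .Release.Namespace }}` would, if that inference is correct. Style: the `message` and `description` values are very long single lines and would read better as `>-` folded scalars.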