Scenario:

You have created a PodSecurityPolicy (“RunasNonRootUser”) whose runAsUser rule requires every container to run as a non-root user. (PodSecurityPolicy was removed in Kubernetes 1.25, but the kubelet check that produces the error below is unchanged and applies equally when Pod Security Admission or an explicit runAsNonRoot setting requires a non-root user.)

kind: PodSecurityPolicy
spec:
  runAsUser:
    # Require the container to run without root privileges.
    rule: 'MustRunAsNonRoot'

You also added the following under spec.template.spec (pod level) in deployment.yaml, and created the ServiceAccount together with a Role/RoleBinding that grants it the use verb on the policy (without that binding the pod would be rejected at admission instead of failing at start).

securityContext:
  runAsUser: 999
serviceAccountName: testservice

Still, when the pod starts you receive this error (reported as a CreateContainerConfigError in kubectl describe pod):

container has runAsNonRoot and image will run as root

Solution:

One of the reasons for this error could be that no /tmp volume is available to the container. Create an emptyDir volume and mount it at /tmp in the container. Before changing the manifest, check what actually reached the kubelet: the message is produced when the container's effective securityContext has runAsNonRoot: true (which a MustRunAsNonRoot policy injects at admission) but no runAsUser, so the kubelet falls back to the image's USER and finds it empty or root. Run kubectl get pod <pod> -n testnamespace -o yaml and confirm that runAsUser: 999 is present at spec.securityContext and is not overridden by a container-level securityContext.
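To see exactly when the kubelet emits this message, here is an added example (not code from the original post, and not the kubelet's own source): a small Python model of the kubelet's verifyRunAsNonRoot decision, run against constructed pod specs. It assumes the PodSecurityPolicy admission controller has already injected runAsNonRoot: true into the container's securityContext (which the MustRunAsNonRoot rule does), and the image name and USER values are made up.

```python
"""Model of the kubelet's runAsNonRoot verification (added example, not the
post's code). The decision logic follows the kubelet's verifyRunAsNonRoot;
the pod specs and image USER values below are constructed samples."""
from typing import Optional, Tuple

ROOT_MSG = "container has runAsNonRoot and image will run as root"
UID0_MSG = "container's runAsUser breaks non-root policy"
NAME_MSG = ("container has runAsNonRoot and image has non-numeric user (%s), "
            "cannot verify user is non-root")


def effective_security_context(pod_spec: dict, container: dict) -> dict:
    """Pod-level securityContext supplies defaults; container-level keys override."""
    merged = {}
    for scope in (pod_spec.get("securityContext") or {},
                  container.get("securityContext") or {}):
        for key in ("runAsUser", "runAsNonRoot"):
            if key in scope:
                merged[key] = scope[key]
    return merged


def parse_image_user(image_user: str) -> Tuple[Optional[int], str]:
    """Interpret the image config USER the way the container runtime reports it:
    empty -> root (uid 0); "1000" or "1000:1000" -> uid; "app" -> username only."""
    if image_user == "":
        return 0, ""
    user = image_user.split(":", 1)[0]
    if user.isdigit():
        return int(user), ""
    return None, user


def verify_run_as_non_root(pod_spec: dict, container: dict,
                           image_user: str) -> Optional[str]:
    """Return the kubelet's error message, or None if the container may start."""
    sc = effective_security_context(pod_spec, container)
    if not sc.get("runAsNonRoot"):
        return None                      # nothing requested, nothing to verify
    if sc.get("runAsUser") is not None:  # explicit uid decides the outcome
        return UID0_MSG if sc["runAsUser"] == 0 else None
    uid, username = parse_image_user(image_user)  # no runAsUser: ask the image
    if uid == 0:
        return ROOT_MSG
    if uid is None and username:
        return NAME_MSG % username
    return None


def check_pod(pod_spec: dict, image_user: str) -> dict:
    """Run the check for every container; maps container name -> error or None."""
    return {c["name"]: verify_run_as_non_root(pod_spec, c, image_user)
            for c in pod_spec["containers"]}


# Constructed pod specs (assumption: the MustRunAsNonRoot policy has injected
# runAsNonRoot: true into the container at admission).
PSP_CONTAINER = {"name": "testservice", "image": "example/testservice",
                 "securityContext": {"runAsNonRoot": True}}
POD_WITH_RUNASUSER = {"securityContext": {"runAsUser": 999},
                      "containers": [PSP_CONTAINER]}
POD_WITHOUT_RUNASUSER = {"containers": [PSP_CONTAINER]}
POD_RUNASUSER_ZERO = {"securityContext": {"runAsUser": 0},
                      "containers": [PSP_CONTAINER]}


def scenarios() -> dict:
    """Outcome of each constructed scenario, keyed by a short label."""
    return {
        # pod-level runAsUser 999 satisfies the check whatever the image USER is
        "runAsUser 999, image USER unset": check_pod(POD_WITH_RUNASUSER, "")["testservice"],
        # no runAsUser anywhere and an image with no USER: the post's error
        "no runAsUser, image USER unset": check_pod(POD_WITHOUT_RUNASUSER, "")["testservice"],
        # no runAsUser and a named USER: the kubelet cannot prove it is non-root
        "no runAsUser, image USER app": check_pod(POD_WITHOUT_RUNASUSER, "app")["testservice"],
        # no runAsUser but a numeric non-root USER baked into the image: allowed
        "no runAsUser, image USER 1000": check_pod(POD_WITHOUT_RUNASUSER, "1000")["testservice"],
        # explicit runAsUser 0 contradicts runAsNonRoot
        "runAsUser 0": check_pod(POD_RUNASUSER_ZERO, "")["testservice"],
    }


if __name__ == "__main__":
    for label, outcome in scenarios().items():
        print(f"{label:33} -> {outcome or 'container starts'}")
```

Run it with python3 and compare the scenario that matches your pod with what the cluster actually stored: kubectl get pod <pod> -n testnamespace -o yaml shows the merged spec.securityContext and spec.containers[*].securityContext after admission, and docker inspect --format '{{.Config.User}}' <image> shows the image USER the kubelet falls back to.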

After adding the /tmp volume, deployment.yaml should look like the following (the volumeMounts entry on the container and the volumes entry at pod level are the additions):

apiVersion: apps/v1
kind: Deployment
metadata:
  name: testservice
  namespace: testnamespace
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: testservice-v1
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: testservice-v1
    spec:
      containers:
      - env:   # environment variables omitted
        image: xxxxxxxxxxxxxxxxxxxxxxxx
        imagePullPolicy: Always
        name: testservice
        ports:
        - containerPort: 8080
        volumeMounts:
        # Added: mount the scratch volume at /tmp inside the container.
        - mountPath: /tmp
          name: tmp-vol
      imagePullSecrets:
      - name: aws-registry
      # Pod-level securityContext: applies to every container unless a
      # container-level securityContext overrides runAsUser.
      securityContext:
        runAsUser: 999
      serviceAccountName: testservice
      volumes:
      # Added: memory-backed emptyDir (tmpfs). Its contents count against the
      # container's memory limit and are lost when the pod is deleted.
      - emptyDir:
          medium: Memory
        name: tmp-vol

This will resolve the error. Verify with kubectl get pod -n testnamespace (the pod should reach Running) and kubectl exec -n testnamespace deploy/testservice -- id -u, which should print 999.