diff --git a/charts/primary-site/templates/cronjobs/garbage-collector.yaml b/charts/primary-site/templates/cronjobs/garbage-collector.yaml
index 298e1ef..7b712b2 100644
--- a/charts/primary-site/templates/cronjobs/garbage-collector.yaml
+++ b/charts/primary-site/templates/cronjobs/garbage-collector.yaml
@@ -33,6 +33,11 @@ spec:
 containers:
 - name: garbage-collector
 image: {{ .Values.garbageCollector.deployment.image }}:{{ .Chart.AppVersion }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
 volumeMounts:
 - mountPath: /secrets
 name: cloud-credentials
diff --git a/charts/primary-site/templates/deployments/_inbox-container.tpl b/charts/primary-site/templates/deployments/_inbox-container.tpl
index 8c34754..0c3a786 100644
--- a/charts/primary-site/templates/deployments/_inbox-container.tpl
+++ b/charts/primary-site/templates/deployments/_inbox-container.tpl
@@ -40,6 +40,11 @@ template:
 containers:
 - name: inbox-listener
 image: {{ .Values.inboxListener.deployment.image }}:{{ .Chart.AppVersion }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
 resources:
 requests:
 cpu: {{ .Values.inboxListener.deployment.resources.requests.cpu }}
diff --git a/charts/primary-site/templates/deployments/kube-state-metrics.yaml b/charts/primary-site/templates/deployments/kube-state-metrics.yaml
index 58ef7cb..002641b 100644
--- a/charts/primary-site/templates/deployments/kube-state-metrics.yaml
+++ b/charts/primary-site/templates/deployments/kube-state-metrics.yaml
@@ -64,6 +64,7 @@ spec:
 readOnlyRootFilesystem: true
 runAsNonRoot: true
 runAsUser: 65534
+ runAsGroup: 65534
 seccompProfile:
 type: RuntimeDefault
 args:
diff --git a/charts/primary-site/templates/deployments/query-server.yaml b/charts/primary-site/templates/deployments/query-server.yaml
index 613a109..06272aa 100644
--- a/charts/primary-site/templates/deployments/query-server.yaml
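Review bot: The `securityContext` added for garbage-collector leaves out the `seccompProfile: RuntimeDefault` and `readOnlyRootFilesystem: true` that the kube-state-metrics template in this same chart already sets, and it does not drop Linux capabilities. The identical block is added for inbox-listener, query-service and site-controller, so the gap applies to all four containers. I would add the capability drop and seccomp profile shown below, plus `readOnlyRootFilesystem: true` wherever the process does not write to its root filesystem. For this CronJob specifically, confirm that the `cloud-credentials` volume mounted at `/secrets` is still readable by uid/gid 65534; if its file mode is restrictive a pod-level `fsGroup` may be needed, but the volume definition is outside the hunk.

```yaml
securityContext:
  allowPrivilegeEscalation: false
  # … unchanged: runAsNonRoot, runAsUser, runAsGroup …
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
```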
+++ b/charts/primary-site/templates/deployments/query-server.yaml
@@ -43,6 +43,11 @@ spec:
 containers:
 - name: query-service
 image: {{ $values.deployment.image }}:{{ .Chart.AppVersion }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
 resources:
 requests:
 cpu: {{ $values.deployment.resources.requests.cpu }}
diff --git a/charts/primary-site/templates/deployments/site-controller.yaml b/charts/primary-site/templates/deployments/site-controller.yaml
index 8a4ae23..084d086 100644
--- a/charts/primary-site/templates/deployments/site-controller.yaml
+++ b/charts/primary-site/templates/deployments/site-controller.yaml
@@ -34,6 +34,11 @@ spec:
 containers:
 - name: site-controller
 image: {{ .Values.siteController.deployment.image }}:{{ .Chart.AppVersion }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
 resources:
 requests:
 cpu: {{ .Values.siteController.deployment.resources.requests.cpu }}
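Review bot: The five-line `securityContext` under `query-service` is a verbatim copy of the block this commit also adds to garbage-collector, inbox-listener and site-controller, each with uid/gid 65534 hard-coded. Copies like this tend to drift, and a later hardening change then has to be made in every template by hand. I would define the block once as a named template and pull it in with `{{- include "<chart>.containerSecurityContext" . | nindent <N> }}`, where the template name and indent are placeholders. Optionally the uid/gid could come from a values key so that an image which cannot run as 65534 can override it. The container spec continues outside the hunk.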