diff --git a/deploy/cert-manager-webhook-selectel/templates/deployment.yaml b/deploy/cert-manager-webhook-selectel/templates/deployment.yaml
index 8ea0100..766621e 100644
--- a/deploy/cert-manager-webhook-selectel/templates/deployment.yaml
+++ b/deploy/cert-manager-webhook-selectel/templates/deployment.yaml
@@ -30,17 +30,18 @@ spec:
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 args:
+ - --secure-port=8443
 - --tls-cert-file=/tls/tls.crt
 - --tls-private-key-file=/tls/tls.key
 env:
 - name: GROUP_NAME
 value: {{ .Values.groupName | quote }}
- {{- with .Values.extraEnv }}
- {{- toYaml . | nindent 12 }}
- {{- end }}
+ {{- with .Values.extraEnv }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 ports:
 - name: https
- containerPort: 443
+ containerPort: 8443
 protocol: TCP
 livenessProbe:
 httpGet:
@@ -52,25 +53,33 @@ spec:
 scheme: HTTPS
 path: /healthz
 port: https
+ {{- with .Values.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 volumeMounts:
 - name: certs
 mountPath: /tls
 readOnly: true
+ {{- with .Values.resources }}
 resources:
-{{ toYaml .Values.resources | indent 12 }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 volumes:
 - name: certs
 secret:
 secretName: {{ include "cert-manager-webhook-selectel.servingCertificate" . }}
- {{- with .Values.nodeSelector }}
+ {{- with .Values.nodeSelector }}
 nodeSelector:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.affinity }}
 affinity:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
 tolerations:
-{{ toYaml . | indent 8 }}
- {{- end }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
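Review bot: The new listen port is hard-coded twice in this hunk — `--secure-port=8443` in args and `containerPort: 8443` under ports — with nothing tying the two together, so a later edit to one silently breaks the liveness probe (which targets the named port `https`) and the Service. I would derive both from a single value, e.g. `- --secure-port={{ .Values.securePort | default 8443 }}` and `containerPort: {{ .Values.securePort | default 8443 }}`, where `securePort` is a proposed new values key. The Service template is not part of this diff; it must reach the container by the port name `https` (or the same value) rather than the old literal 443, otherwise the webhook becomes unreachable after this change. Moving off 443 is presumably what makes the non-root securityContext in the next hunk workable, since binding a privileged port is no longer required.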
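Review bot: Because the container securityContext is emitted inside `{{- with .Values.containerSecurityContext }}`, a values override of `containerSecurityContext: {}` removes the hardening block entirely rather than relaxing a single field, and nothing in the chart signals that this happened. If the hardening is meant to be on by default, render it unconditionally — `securityContext:` followed by `{{- toYaml .Values.containerSecurityContext | nindent 12 }}` — so an empty override yields an explicit empty context and a reviewer of the rendered manifest can see it; otherwise document the opt-out in values.yaml. With `readOnlyRootFilesystem: true` the only mount in this hunk is the read-only `/tls` volume, so if the webhook binary writes anything to disk at runtime it will now fail at start-up; I cannot confirm from this diff whether it does, and a scratch `emptyDir` mount would be the remedy if so. The `nodeSelector` range quoting `$value` is correct since label values are strings, while `$key` stays a plain scalar, which is fine for the usual `prefix/name` label keys.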
diff --git a/deploy/cert-manager-webhook-selectel/values.yaml b/deploy/cert-manager-webhook-selectel/values.yaml
index 87b58e8..3b89981 100644
--- a/deploy/cert-manager-webhook-selectel/values.yaml
+++ b/deploy/cert-manager-webhook-selectel/values.yaml
@@ -46,3 +46,15 @@
 nodeSelector: {}
 tolerations: []
 affinity: {}
+
+containerSecurityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
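Review bot: The new `containerSecurityContext` block is undocumented, and two of its defaults embed assumptions a chart user needs to know about. `runAsUser: 1000` / `runAsGroup: 1000` presume the image works when run as that uid/gid; if the image already declares a non-root user, `runAsNonRoot: true` alone is sufficient and the explicit ids could be left to the image. The deployment template wraps this block in `with`, so overriding it with `{}` drops the securityContext entirely; a comment above the key such as `# Container-level securityContext. Overriding with {} omits the securityContext altogether.` would make that explicit. `seccompProfile.type: RuntimeDefault` requires a cluster that understands the field (introduced in Kubernetes 1.19), which is worth noting next to the chart's kubeVersion constraint if it has one.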