diff --git a/k8s/base/deployment.yaml b/k8s/base/deployment.yaml
index ce0712e4..a65ab83a 100644
--- a/k8s/base/deployment.yaml
+++ b/k8s/base/deployment.yaml
@@ -34,9 +34,12 @@ spec:
 
           securityContext:
             readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
             capabilities:
               drop:
                 - "ALL"
+            seccompProfile:
+              type: RuntimeDefault
 
           volumeMounts:
             - mountPath: /tmp # to support readOnlyRootFilesystem