diff --git a/charts/controller_manager/templates/daemonset.yaml b/charts/controller_manager/templates/daemonset.yaml
index d9baba84..0b6efac3 100644
--- a/charts/controller_manager/templates/daemonset.yaml
+++ b/charts/controller_manager/templates/daemonset.yaml
@@ -42,6 +42,7 @@ spec:
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
 spec:
+{{ dict "envAll" $envAll "application" "kubernetes" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 nodeSelector:
 {{ .Values.labels.controller_manager.node_selector_key }}: {{ .Values.labels.controller_manager.node_selector_value }}
 dnsPolicy: {{ .Values.anchor.dns_policy }}
@@ -62,6 +63,7 @@ spec:
 - name: ETC_PATH
 value: /host{{ .Values.controller_manager.host_etc_path }}
 {{ tuple $envAll $envAll.Values.pod.resources.anchor_pod | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "kubernetes" "container" "anchor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - /tmp/bin/anchor
 lifecycle:
diff --git a/charts/controller_manager/values.yaml b/charts/controller_manager/values.yaml
index 8d9a8e17..e9050398 100644
--- a/charts/controller_manager/values.yaml
+++ b/charts/controller_manager/values.yaml
@@ -78,6 +78,13 @@ dependencies:
 controller_manager:
 pod:
+ security_context:
+ kubernetes:
+ pod:
+ runAsUser: 0
+ container:
+ anchor:
+ readOnlyRootFilesystem: true
 mounts:
 controller_manager:
 init_container: null
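Review bot: The `"application" "kubernetes"` argument on the added pod-level include keys the override under `pod.security_context.kubernetes`, while the other values visible in this chart are keyed by `controller_manager` (`.Values.labels.controller_manager`, `pod.mounts.controller_manager`). An operator hardening this DaemonSet would likely look for `pod.security_context.controller_manager`, and an override placed there would presumably have no effect. Consider `"application" "controller_manager"` in both includes (this one and the container-level one in the next hunk) with the matching key in values.yaml; if the shared name is deliberate, say so in a comment next to the values. The pod spec continues outside the hunk.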
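Review bot: With `readOnlyRootFilesystem: true` now applied to the `anchor` container through this include, `/tmp/bin/anchor` can write only to mounted volumes, and the hunk does not show which mounts the container has. Confirm that every path the script writes (the `/host…` tree behind `ETC_PATH`, plus any scratch or temp files) is backed by a volume mount, otherwise the container fails at runtime rather than at render time. A short template comment above the include, for example `{{/* anchor runs with a read-only root filesystem; writable paths must be volume mounts */}}`, would keep a later change from adding writes to the container filesystem. The container definition starts and ends outside the hunk.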
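Review bot: The new defaults pin the pod to `runAsUser: 0` and harden the `anchor` container only with `readOnlyRootFilesystem: true`, so the process keeps root with the default privilege-escalation behaviour. If the anchor script does not need to gain privileges, add `allowPrivilegeEscalation: false` under `container.anchor`, and document the root requirement with a comment such as `# root is required to write static pod files under the host etc path`. That reason is inferred from `ETC_PATH` in the template, so word the comment to match what the script actually does.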