diff --git a/charts/proxy/templates/daemonset.yaml b/charts/proxy/templates/daemonset.yaml
index 8105768b..1807f2a2 100644
--- a/charts/proxy/templates/daemonset.yaml
+++ b/charts/proxy/templates/daemonset.yaml
@@ -39,6 +39,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+{{ dict "envAll" $envAll "application" "proxy" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 hostNetwork: true
 shareProcessNamespace: true
 dnsPolicy: Default
@@ -63,8 +64,7 @@ spec:
 - --v={{ .Values.proxy.logging.log_level }}
 {{- end }}
 {{ tuple $envAll $envAll.Values.pod.resources.proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
- securityContext:
- privileged: true
+{{ dict "envAll" $envAll "application" "proxy" "container" "proxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
 env:
 - name: KUBERNETES_SERVICE_HOST
 value: {{ .Values.kube_service.host }}
diff --git a/charts/proxy/values.yaml b/charts/proxy/values.yaml
index 3ab9347e..80c071b1 100644
--- a/charts/proxy/values.yaml
+++ b/charts/proxy/values.yaml
@@ -18,6 +18,15 @@ manifests:
 rbac: true
 pod:
+ security_context:
+ proxy:
+ pod:
+ runAsUser: 65534
+ container:
+ proxy:
+ runAsUser: 0
+ privileged: true
+ readOnlyRootFilesystem: false
 lifecycle:
 upgrades:
 daemonsets:
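Review bot: The pod-level security context added in the first daemonset.yaml hunk (`@@ -39,6 +39,7 @@`) does not constrain the proxy container. The values.yaml defaults in this commit give that container its own `runAsUser: 0`, and a container-level `runAsUser` overrides the pod-level one. The pod-level `runAsUser: 65534` therefore only applies to containers without their own context, and whether the pod has any is not visible in this hunk. Since the context lines show `hostNetwork: true` and `shareProcessNamespace: true`, I would add a template comment above the include so the nobody UID is not read as hardening, e.g. `{{/* pod-level context is a fallback only; the proxy container overrides runAsUser via pod.security_context.proxy.container.proxy */}}`.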
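Review bot: In the second daemonset.yaml hunk (`@@ -63,8 +64,7 @@`) the template no longer pins `privileged: true`, so the container's whole securityContext now depends on what the `kubernetes_container_security_context` snippet renders from `pod.security_context.proxy.container.proxy`. What the snippet emits when that key is absent or emptied by an override is not visible here, so the rendered manifest should be compared against the old one with `helm template`, both for the defaults and for an override that drops the key. Since the privilege level is now an operator-tunable value, a comment above the include would help, e.g. `{{/* securityContext is rendered from .Values.pod.security_context.proxy.container.proxy; defaults keep the previous privileged behaviour */}}`. The container spec starts and ends outside the hunk.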
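Review bot: The new defaults in the values.yaml hunk (`runAsUser: 0`, `privileged: true`, `readOnlyRootFilesystem: false`) keep the proxy container at the same privilege as before. They add two explicitly permissive settings, and nothing says why each is needed. I would put a comment on each key, e.g. `# privileged: required for <reason>; do not disable without testing rule programming`, so an operator overriding this block knows which settings are load-bearing. If the proxy does not write to its root filesystem, `readOnlyRootFilesystem: true` may be a safe default, and it is also worth checking whether a specific capability set could replace `privileged: true`. Neither can be confirmed from this diff.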