diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml
index 644147fe..7d43fc9b 100644
--- a/charts/armada/templates/deployment-api.yaml
+++ b/charts/armada/templates/deployment-api.yaml
@@ -160,6 +160,7 @@ spec:
 - name: tiller
 {{ tuple $envAll "tiller" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.tiller | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "armada" "container" "tiller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 env:
 - name: TILLER_NAMESPACE
 value: {{ .Values.conf.tiller.namespace | quote }}
diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml
index 97fa6407..2885c7c1 100644
--- a/charts/armada/values.yaml
+++ b/charts/armada/values.yaml
@@ -263,7 +263,7 @@ pod:
 security_context:
 armada:
 pod:
- runAsUser: 65534
+ runAsUser: 1000
 container:
 armada_api_init:
 readOnlyRootFilesystem: true
@@ -271,6 +271,10 @@ pod:
 armada_api:
 readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
+ tiller:
+ runAsUser: 65534
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 env:
 # NOTE(@drewwalters96): These configuration values change the Armada API's
 # uWSGI configuration.
@@ -304,8 +308,14 @@ pod:
 volumes: []
 volumeMounts: []
 tiller:
- volumes: []
- volumeMounts: []
+ volumes:
+ - name: kubernetes-client-cache
+ emptyDir: {}
+ volumeMounts:
+ - name: kubernetes-client-cache
+ # Should be the `$HOME/.kube` of the `runAsUser` above
+ # as this is where tiller's kubernetes client roots its cache dir.
+ mountPath: /tmp/.kube
 affinity:
 anti:
 type:
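Review bot: The security-context snippet added before `env:` makes the tiller container's root filesystem read-only (per the `tiller:` values in the second file), so the only writable location is the `/tmp/.kube` emptyDir from the volumeMounts hunk, and that path is only right if `$HOME` resolves to `/tmp` for uid 65534 inside the tiller image, which nothing in this change pins. Adding `- name: HOME` / `value: /tmp` to the env block shown here removes the dependency on the image's passwd entry; if the image already exports `HOME=/tmp` the entry is redundant but harmless. The tiller container spec continues past the end of this hunk, so any other writable paths it needs are not visible here.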
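Review bot: The pod-level `runAsUser` change from 65534 to 1000 now applies to `armada_api_init` and `armada_api`, both of which carry `readOnlyRootFilesystem: true` in the following context lines, but values.yaml records no reason for 1000 while the tiller container re-pins 65534 in the next hunk. A comment on the new line such as `# NOTE: uid the armada image runs as; tiller overrides this with 65534 below` would keep a later reader from "restoring" the old value. Whether uid 1000 matches the image's user and can reach whatever writable paths the API needs (uWSGI socket/pid, if any) is not visible in this diff and should be confirmed against the image.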
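Review bot: With `readOnlyRootFilesystem: true` on the new `tiller:` container entry, `/tmp` itself stays read-only because the emptyDir in the last hunk is mounted only at `/tmp/.kube`; anything else tiller or its Go runtime tries to create under `/tmp` would fail with a read-only filesystem error. If tiller is known to write only its client cache, a one-line comment on the container entry stating that assumption is enough; otherwise mounting the emptyDir at `/tmp` (which also covers `/tmp/.kube`) is the more robust shape. The container-level `runAsUser: 65534` intentionally overrides the pod-level 1000 set in the previous hunk and is worth a comment saying so, since the two hunks are far apart in the file.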
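Review bot: The added mount comment says "the `runAsUser` above", but after this change there are two of them in the file, the pod-level 1000 and the container-level 65534 for tiller, so it is ambiguous which uid's `$HOME/.kube` the mount must match. Naming the key removes the ambiguity, e.g. `# Must be $HOME/.kube for pod.security_context.armada.container.tiller.runAsUser (65534);` followed by the existing second line. The `emptyDir: {}` itself is fine as a cache volume since nothing in it needs to survive a restart.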