diff --git a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
index f38a40c9..2cf3c5ca 100644
--- a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
+++ b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
@@ -50,12 +50,14 @@ metadata:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 {{- dict "envAll" $envAll "podName" "apiserver" "containerNames" (list "apiserver") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
+{{ dict "envAll" $envAll "application" "apiserver" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
 hostNetwork: true
 shareProcessNamespace: true
 containers:
 - name: apiserver
 image: {{ .Values.images.tags.apiserver }}
 {{ tuple $envAll $envAll.Values.pod.resources.kubernetes_apiserver | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+{{ dict "envAll" $envAll "application" "apiserver" "container" "apiserver" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
 env:
 - name: POD_IP
 valueFrom:
diff --git a/charts/apiserver/values.yaml b/charts/apiserver/values.yaml
index 7366a32c..77114000 100644
--- a/charts/apiserver/values.yaml
+++ b/charts/apiserver/values.yaml
@@ -287,6 +287,13 @@ pod:
 apiserver_key_rotate:
 runAsUser: 0
 readOnlyRootFilesystem: false
+ apiserver:
+ pod:
+ runAsUser: 65534
+ container:
+ apiserver:
+ runAsUser: 0
+ readOnlyRootFilesystem: false
 mounts:
 kubernetes_apiserver:
 init_container: null
diff --git a/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl b/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl
index 886bc5ff..4f41afd5 100644
--- a/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl
+++ b/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl
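Review bot: In the `charts/apiserver/values.yaml` hunk the container-level `runAsUser: 0` under `container.apiserver` takes precedence over the pod-level `runAsUser: 65534`, so the apiserver — which the template hunk runs with `hostNetwork: true` and `shareProcessNamespace: true` — still executes as root, and the 65534 only governs anything in the pod that sets no user of its own. Record the reason next to the override, e.g. `runAsUser: 0  # TODO: document which host-mounted paths require root`, so it cannot be mistaken for an oversight; host certificate/etc paths are the usual cause, but nothing in this diff shows it. The helm-toolkit snippet appears to pass this mapping through as-is, in which case `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` under `container.apiserver` would narrow what a compromised apiserver process holds without changing its user. `readOnlyRootFilesystem: false` deserves the same one-line justification, since the controller_manager values in this commit set `true` for their main container.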
@@ -26,11 +26,13 @@ metadata:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 {{ dict "envAll" $envAll "podName" "controller-manager" "containerNames" (list "controller-manager") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
+{{ dict "envAll" $envAll "application" "controller_manager" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
 hostNetwork: true
 containers:
 - name: controller-manager
 image: {{ .Values.images.tags.controller_manager }}
 {{ tuple $envAll $envAll.Values.pod.resources.controller_manager | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+{{ dict "envAll" $envAll "application" "controller_manager" "container" "controller_manager" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
 env:
 - name: POD_IP
 valueFrom:
diff --git a/charts/controller_manager/values.yaml b/charts/controller_manager/values.yaml
index f285f5e9..7e217302 100644
--- a/charts/controller_manager/values.yaml
+++ b/charts/controller_manager/values.yaml
@@ -98,6 +98,12 @@ pod:
 container:
 anchor:
 readOnlyRootFilesystem: true
+ controller_manager:
+ pod:
+ runAsUser: 0
+ container:
+ controller_manager:
+ readOnlyRootFilesystem: true
 mounts:
 controller_manager:
 init_container: null
diff --git a/charts/haproxy/templates/etc/_haproxy.yaml.tpl b/charts/haproxy/templates/etc/_haproxy.yaml.tpl
index 402feb7d..c67a9166 100644
--- a/charts/haproxy/templates/etc/_haproxy.yaml.tpl
+++ b/charts/haproxy/templates/etc/_haproxy.yaml.tpl
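Review bot: `controller_manager.pod.runAsUser: 0` in the `charts/controller_manager/values.yaml` hunk makes root the default for every container in the pod, and the `container.controller_manager` entry sets only `readOnlyRootFilesystem: true`, so kube-controller-manager inherits root on a `hostNetwork: true` pod (the template hunk) with no `allowPrivilegeEscalation` or capability restriction. The apiserver and haproxy values in this same commit put 65534 at pod level and confine root to the one container that needs it; doing the same here, or stating why it cannot be done, would keep the four charts consistent. A comment such as `runAsUser: 0  # TODO: record why controller-manager needs root` together with `allowPrivilegeEscalation: false` under `container.controller_manager` is enough. The enclosing `pod.security_context` mapping begins above this hunk, so whether a sibling `pod:` entry already exists there is not visible.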
@@ -27,12 +27,14 @@ metadata:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 {{ dict "envAll" $envAll "podName" "haproxy" "containerNames" (list "haproxy") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
+{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
 hostNetwork: true
 containers:
 - name: haproxy
 image: {{ .Values.images.tags.haproxy }}
 imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple . .Values.pod.resources.haproxy_pod | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+{{ dict "envAll" $envAll "application" "server" "container" "haproxy" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
 hostNetwork: true
 env:
 - name: HAPROXY_CONF
diff --git a/charts/haproxy/values.yaml b/charts/haproxy/values.yaml
index 64ac72d6..7cdf02f6 100644
--- a/charts/haproxy/values.yaml
+++ b/charts/haproxy/values.yaml
@@ -108,6 +108,13 @@ pod:
 haproxy_haproxy_test:
 runAsUser: 0
 readOnlyRootFilesystem: true
+ server:
+ pod:
+ runAsUser: 65534
+ container:
+ haproxy:
+ runAsUser: 0
+ readOnlyRootFilesystem: false
 lifecycle:
 upgrades:
 daemonsets:
diff --git a/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl b/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl
index 79309bfc..8fc9da69 100644
--- a/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl
+++ b/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl
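Review bot: The new container securityContext in `_haproxy.yaml.tpl` is emitted directly before a pre-existing `hostNetwork: true` that sits inside the `haproxy` container (the second occurrence in this hunk); `hostNetwork` is a PodSpec field, not a Container field, so that line is either silently dropped or rejected depending on the field validation in use, and it is worth removing while this spot is being edited. The `application` key is `server` here whereas the apiserver, controller_manager and scheduler templates in this commit use the component name; renaming it to `haproxy`, i.e. `"application" "haproxy"` in both new lines and the matching key in values.yaml, would make the `pod.security_context` layout uniform across the charts. The surrounding pod template starts and ends outside this hunk.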
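Review bot: `server.container.haproxy.runAsUser: 0` in the `charts/haproxy/values.yaml` hunk overrides the pod-level `runAsUser: 65534`, so haproxy still runs as root on the host network; if binding low ports is the only reason (not determinable from this diff), `runAsUser: 65534` plus `capabilities: {add: ["NET_BIND_SERVICE"], drop: ["ALL"]}` under `container.haproxy` keeps the proxy unprivileged. `readOnlyRootFilesystem: false` also contrasts with the `haproxy_haproxy_test` entry just above, which is `true`; if haproxy only needs a writable location for its rendered config or socket (the template's `HAPROXY_CONF` env var suggests a config path), an emptyDir mount there would let `true` stand. Whichever values remain, a short comment stating the reason, e.g. `runAsUser: 0  # TODO: needed for ...`, keeps the exception auditable.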
@@ -28,11 +28,13 @@ metadata:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 {{ dict "envAll" $envAll "podName" "scheduler" "containerNames" (list "scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
+{{ dict "envAll" $envAll "application" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
 hostNetwork: true
 containers:
 - name: scheduler
 image: {{ .Values.images.tags.scheduler }}
 {{ tuple $envAll $envAll.Values.pod.resources.scheduler_pod | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+{{ dict "envAll" $envAll "application" "scheduler" "container" "scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
 env:
 - name: POD_IP
 valueFrom:
diff --git a/charts/scheduler/values.yaml b/charts/scheduler/values.yaml
index 6961704b..cc7d3390 100644
--- a/charts/scheduler/values.yaml
+++ b/charts/scheduler/values.yaml
@@ -38,6 +38,9 @@ pod:
 anchor:
 runAsUser: 0
 readOnlyRootFilesystem: true
+ scheduler:
+ runAsUser: 0
+ readOnlyRootFilesystem: false
 lifecycle:
 upgrades:
 daemonsets:
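Review bot: The new `scheduler:` block in `charts/scheduler/values.yaml` carries only `runAsUser: 0` and `readOnlyRootFilesystem: false`, without the `pod:`/`container:` sub-keys the other three charts in this commit add, while the template hunk now reads `pod.security_context.scheduler.pod` and `pod.security_context.scheduler.container.scheduler`; this only lines up if the new key is nested under an existing `container:` mapping and a `scheduler.pod` entry already exists above the hunk, which the collapsed indentation here cannot confirm — check a rendered manifest for an empty or null `securityContext`. The sibling `anchor` container keeps `readOnlyRootFilesystem: true`; kube-scheduler normally writes nothing to its root filesystem, so `true` is worth trying before settling on `false`, though that is not verifiable from this diff. As with the other charts, `runAsUser: 0  # TODO: state why the scheduler needs root` plus `allowPrivilegeEscalation: false` would document and bound the root exception.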