diff --git a/Dockerfile b/Dockerfile
index bd84aaa2..a4e99a99 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -43,9 +43,7 @@ COPY --from=builder /workspace/kustomize-controller /usr/local/bin/
 # https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-354316460
 RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
-RUN addgroup -S controller && adduser -S controller -G controller
-
-USER controller
+USER 65534:65534
 ENV GNUPGHOME=/tmp
diff --git a/config/manager/deployment.yaml b/config/manager/deployment.yaml
index 2dcce470..e64d3de9 100644
--- a/config/manager/deployment.yaml
+++ b/config/manager/deployment.yaml
@@ -29,6 +29,12 @@ spec:
 securityContext:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop: [ "ALL" ]
+ seccompProfile:
+ type: RuntimeDefault
+
 ports:
 - containerPort: 8080
 name: http-prom
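Review bot: The new `USER 65534:65534` line carries no explanation, and its purpose is only visible by reading the other file in this commit: a numeric UID is what allows the `runAsNonRoot: true` added to config/manager/deployment.yaml to be verified by the kubelet, which rejects a pod whose image declares a non-numeric USER. A one-line comment above it, `# numeric UID (nobody) so runAsNonRoot can be enforced without resolving a username`, would keep that rationale with the Dockerfile. Dropping the `addgroup`/`adduser` step also means the binary now runs as Alpine's built-in `nobody` account, whose home directory is `/`; combined with the deployment's `readOnlyRootFilesystem: true`, any write to `$HOME` other than gpg's (already redirected by `ENV GNUPGHOME=/tmp`) would fail, so it is worth confirming that nothing in the controller (git or ssh configuration lookups, for instance) writes there.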
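Review bot: `seccompProfile.type: RuntimeDefault` under `securityContext` is a field that API servers before Kubernetes 1.19 do not know, so on older clusters the field is either rejected or silently pruned, and the project's supported-version documentation should state the new minimum if this is a hard requirement. The added `runAsNonRoot: true` relies on the image's USER directive for the actual identity; pinning it in the manifest as well, `runAsUser: 65534` and `runAsGroup: 65534` next to `runAsNonRoot`, makes the contract explicit and independent of how the image was built. The final added line of the hunk is an empty line inside the container spec before `ports:`, which is a formatting inconsistency with the surrounding block and can be dropped.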