diff --git a/Dockerfile b/Dockerfile
index 9ecbf4a..0f2ce74 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,5 +34,7 @@ COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
 # copy the binary to the production image from the builder stage
 COPY --from=builder /app/.bin/kubeip-agent /kubeip-agent
+USER 1001
+
 ENTRYPOINT ["/kubeip-agent"]
 CMD ["run"]
\ No newline at end of file
diff --git a/chart/templates/daemonset.yaml b/chart/templates/daemonset.yaml
index 5ec4d3d..9c1d59e 100644
--- a/chart/templates/daemonset.yaml
+++ b/chart/templates/daemonset.yaml
@@ -29,6 +29,11 @@ spec:
 effect: "NoSchedule"
 - operator: "Exists"
 effect: "NoExecute"
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1001
+ runAsGroup: 1001
+ fsGroup: 1001
 containers:
 - name: kubeip
 image: "{{ .Values.image.repository }}"
@@ -48,3 +53,10 @@ spec:
 value: {{ .Values.daemonSet.env.LOG_LEVEL | quote }}
 - name: LOG_JSON
 value: {{ .Values.daemonSet.env.LOG_JSON | quote }}
+ securityContext:
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
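Review bot: `USER 1001` is switched to after the binary is copied root-owned, so whether /kubeip-agent is executable as UID 1001 depends on the file mode carried over from the builder stage, which this hunk does not show; pinning it with `COPY --from=builder --chmod=0755 /app/.bin/kubeip-agent /kubeip-agent` (BuildKit) removes that dependency. No group is given, so a plain `docker run` of this image falls back to GID 0 because UID 1001 has no passwd entry in the runtime image; `USER 1001:1001` would match the `runAsGroup: 1001` the chart sets in the same commit and keep the two consistent when the image is run outside the chart. If the agent writes anywhere at runtime, that path is no longer writable by the unprivileged user — worth confirming against the binary, since the chart also turns on readOnlyRootFilesystem.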
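Review bot: The container securityContext added in the second hunk stops short of the Pod Security Standards "restricted" profile because no seccomp profile is set; adding `seccompProfile:` with `type: RuntimeDefault` (here, or under the pod-level securityContext added in the first hunk) closes that gap and is harmless for a process that already drops every capability. `privileged: false` is the default and can stay only for explicitness. With `readOnlyRootFilesystem: true` and UID 1001, any location the agent writes at runtime now needs an emptyDir mount, which the hunk does not provide — whether the agent writes at all is not visible from the chart, so it should be confirmed before release. The pod template this belongs to continues outside the hunk.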