diff --git a/charts/bindplane/templates/prometheus.yaml b/charts/bindplane/templates/prometheus.yaml
index 14100ebf..d230cc5e 100644
--- a/charts/bindplane/templates/prometheus.yaml
+++ b/charts/bindplane/templates/prometheus.yaml
@@ -30,7 +30,11 @@ spec:
           image: ghcr.io/observiq/bindplane-prometheus:{{ include "bindplane.tag" . }}
           imagePullPolicy: IfNotPresent
           securityContext:
+            runAsNonRoot: true
             readOnlyRootFilesystem: true
+            runAsUser: 65534
+            capabilities:
+              drop: ["ALL"]
           ports:
             - name: http
               containerPort: 9090