diff --git a/etcd/templates/deployment.yaml b/etcd/templates/deployment.yaml
index bfb39b81eb..494ad5575a 100644
--- a/etcd/templates/deployment.yaml
+++ b/etcd/templates/deployment.yaml
@@ -40,6 +40,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+{{ dict "envAll" $envAll "application" "etcd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $rcControllerName | quote }}
       affinity:
 {{ tuple $envAll "etcd" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
@@ -50,6 +51,7 @@ spec:
       containers:
         - name: etcd
 {{ tuple $envAll "etcd" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ dict "envAll" $envAll "application" "etcd" "container" "etcd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - /tmp/etcd.sh
           ports:
diff --git a/etcd/values.yaml b/etcd/values.yaml
index 9dea5b888b..5e74a531fd 100644
--- a/etcd/values.yaml
+++ b/etcd/values.yaml
@@ -51,6 +51,14 @@ dependencies:
       jobs: null
 
 pod:
+  security_context:
+    etcd:
+      pod:
+        runAsUser: 65534
+      container:
+        etcd:
+          runAsUser: 0
+          readOnlyRootFilesystem: false
   affinity:
     anti:
       type: