diff --git a/assets/apps/0000_60_service-ca_05_deploy.yaml b/assets/apps/0000_60_service-ca_05_deploy.yaml
index 547c3bdd52..ecf3f206e8 100644
--- a/assets/apps/0000_60_service-ca_05_deploy.yaml
+++ b/assets/apps/0000_60_service-ca_05_deploy.yaml
@@ -23,7 +23,10 @@ spec:
         app: service-ca
         service-ca: "true"
     spec:
-      securityContext: {}
+      securityContext:
+        runAsGroup: 1001
+        runAsNonRoot: true
+        runAsUser: 1001
       serviceAccount: service-ca
       serviceAccountName: service-ca
       containers:
@@ -33,8 +36,6 @@ spec:
         command: ["service-ca-operator", "controller"]
         ports:
         - containerPort: 8443
-        # securityContext:
-        #   runAsNonRoot: true
         resources:
           requests:
             memory: 120Mi
diff --git a/pkg/assets/apps/bindata.go b/pkg/assets/apps/bindata.go
index 444e6bd06a..61fa2c0e6f 100644
--- a/pkg/assets/apps/bindata.go
+++ b/pkg/assets/apps/bindata.go
@@ -204,7 +204,10 @@ spec:
         app: service-ca
         service-ca: "true"
     spec:
-      securityContext: {}
+      securityContext:
+        runAsGroup: 1001
+        runAsNonRoot: true
+        runAsUser: 1001
       serviceAccount: service-ca
       serviceAccountName: service-ca
       containers:
@@ -214,8 +217,6 @@ spec:
         command: ["service-ca-operator", "controller"]
         ports:
         - containerPort: 8443
-        # securityContext:
-        #   runAsNonRoot: true
         resources:
           requests:
             memory: 120Mi