diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index f6df20e0cdce6db7b23db3c222ad2886dcc12f2d..f002e3c74a773be51cacd3e726aa9e8d8564a58b 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -110,30 +110,12 @@ function(params) }, }, - // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged - // 'allowPrivilegeEscalation: false' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/128 gets merged. - // 'readOnlyRootFilesystem: true' and extra volumeMounts can be deleted when https://github.com/brancz/kubernetes-grafana/pull/129 gets merged. // FIXME(paulfantom): `automountServiceAccountToken` can be removed after porting to brancz/kuberentes-grafana deployment+: { spec+: { template+: { spec+: { automountServiceAccountToken: false, - containers: std.map(function(c) c { - securityContext+: { - allowPrivilegeEscalation: false, - readOnlyRootFilesystem: true, - }, - volumeMounts+: [{ - mountPath: '/tmp', - name: 'tmp-plugins', - readOnly: false, - }], - }, super.containers), - volumes+: [{ - name: 'tmp-plugins', - emptyDir: {}, - }], }, }, }, diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 08d0922916b1110ab8c45cc177de2efc05db5e4d..4609e601cf4f0872f38eb2acd4c329984eb9e4e3 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -8,8 +8,8 @@ "subdir": "grafana" } }, - "version": "1c4d84de1c059b55ce83fdd76fbb4f58530b7d55", - "sum": "iZK7E+zDsk1zF1z4kb/RT2QGkxUaFt8pakwTA4lBPiU=" + "version": "d039275e4916aceae1c137120882e01d857787ac", + "sum": "515vMn4x4tP8vegL4HLW0nDO5+njGTgnDZB5OOhtsCI=" }, { "source": { diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index d0e463affea39f3bc0e57a5e82c1906496e32f78..2c9fda149d173b52515ba8059f1ef3e4d71c56e2 100644 --- a/manifests/grafana-deployment.yaml 
+++ b/manifests/grafana-deployment.yaml @@ -62,6 +62,9 @@ spec: - mountPath: /etc/grafana/provisioning/dashboards name: grafana-dashboards readOnly: false + - mountPath: /tmp + name: tmp-plugins + readOnly: false - mountPath: /grafana-dashboard-definitions/0/alertmanager-overview name: grafana-dashboard-alertmanager-overview readOnly: false @@ -137,9 +140,6 @@ spec: - mountPath: /etc/grafana name: grafana-config readOnly: false - - mountPath: /tmp - name: tmp-plugins - readOnly: false nodeSelector: kubernetes.io/os: linux securityContext: @@ -156,6 +156,9 @@ spec: - configMap: name: grafana-dashboards name: grafana-dashboards + - emptyDir: + medium: Memory + name: tmp-plugins - configMap: name: grafana-dashboard-alertmanager-overview name: grafana-dashboard-alertmanager-overview @@ -231,5 +234,3 @@ spec: - name: grafana-config secret: secretName: grafana-config - - emptyDir: {} - name: tmp-plugins
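Review bot: The `tmp-plugins` volume in the `@@ -156,6 +156,9 @@` hunk changes from `emptyDir: {}` to an `emptyDir` with `medium: Memory` and no `sizeLimit`, so everything Grafana writes under `/tmp` now lands in tmpfs and is charged to memory instead of node disk. Unbounded writes to that mount can push the pod toward an OOM kill or put pressure on node memory; whether the container carries a memory limit is not visible in these hunks. I would cap the volume by adding `sizeLimit: <SIZE>` (placeholder; size it for the plugin footprint) next to `medium: Memory`. This manifest looks rendered from the jsonnet, so the cap presumably belongs as an override in `grafana.libsonnet` or in the pinned kubernetes-grafana library rather than in this file.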