diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
index fa85f0cf6130141c037c0bb919f6418e69ed0dd6..724087d6141577d7f0f90b2a934e4dab1fae1ceb 100644
--- a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
+++ b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
@@ -41,7 +41,9 @@
               { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
             ],
             securityContext: {
-              runAsUser: 65534,
+              runAsUser: 65532,
+              runAsGroup: 65532,
+              runAsNonRoot: true,
             },
           }],
         },
diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
index 2865deca029b7744c80caefca22760712cc08a3f..c2288ce7a64ed4261185264570ed49d3890da8bd 100644
--- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
@@ -103,6 +103,11 @@
           { name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port },
         ],
         resources: $._config.resources['kube-rbac-proxy'],
+        securityContext: {
+          runAsUser: 65532,
+          runAsGroup: 65532,
+          runAsNonRoot: true,
+        },
       };
 
       {
diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml
index b54e64148c4ea9bde9e2863b44dde5f37daf51ba..9bda5c69b54b7296c517603f619d2066a769eddd 100644
--- a/manifests/kube-state-metrics-deployment.yaml
+++ b/manifests/kube-state-metrics-deployment.yaml
@@ -36,7 +36,9 @@ spec:
         - containerPort: 8443
           name: https-main
         securityContext:
-          runAsUser: 65534
+          runAsGroup: 65532
+          runAsNonRoot: true
+          runAsUser: 65532
       - args:
         - --logtostderr
         - --secure-listen-address=:9443
@@ -48,7 +50,9 @@ spec:
         - containerPort: 9443
           name: https-self
         securityContext:
-          runAsUser: 65534
+          runAsGroup: 65532
+          runAsNonRoot: true
+          runAsUser: 65532
       nodeSelector:
         kubernetes.io/os: linux
       serviceAccountName: kube-state-metrics
diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml
index 32a4e6cfbd6cb18d3647eca62d0af4e85a1aa93a..9a6f163d8462d463ede1f4867942383a323956eb 100644
--- a/manifests/node-exporter-daemonset.yaml
+++ b/manifests/node-exporter-daemonset.yaml
@@ -70,6 +70,10 @@ spec:
           requests:
             cpu: 10m
             memory: 20Mi
+        securityContext:
+          runAsGroup: 65532
+          runAsNonRoot: true
+          runAsUser: 65532
       hostNetwork: true
       hostPID: true
       nodeSelector:
diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml
index 119f639057ef1355a0ef99e49642e319ae2d4872..d4fc4b3fc835422dbded4643a091b5d00934d6d1 100644
--- a/manifests/setup/prometheus-operator-deployment.yaml
+++ b/manifests/setup/prometheus-operator-deployment.yaml
@@ -50,7 +50,9 @@ spec:
         - containerPort: 8443
           name: https
         securityContext:
-          runAsUser: 65534
+          runAsGroup: 65532
+          runAsNonRoot: true
+          runAsUser: 65532
       nodeSelector:
         beta.kubernetes.io/os: linux
       securityContext: