diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json
index 0e75a6d8ae07648c586e1dbb3949e3c71c4f5729..e05e4e0a0c26fbec058f2a8f6d6550e261fd632a 100644
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -8,7 +8,7 @@
                     "subdir": "contrib/kube-prometheus/jsonnet/kube-prometheus"
                 }
             },
-            "version": "433616b23b9c4bce759bc99c35ca2a66348c36b8"
+            "version": "cc1d3b421e00f8891582ba9692b78814220c69c6"
         },
         {
             "name": "ksonnet",
diff --git a/manifests/alertmanager-alertmanager.yaml b/manifests/alertmanager-alertmanager.yaml
index 2230ea9e30f62e1e4ee22e3084eeb3b59198cf9d..c6f8ce05965d837565948431a3c9c400d6a5738e 100644
--- a/manifests/alertmanager-alertmanager.yaml
+++ b/manifests/alertmanager-alertmanager.yaml
@@ -10,5 +10,9 @@ spec:
   nodeSelector:
     beta.kubernetes.io/os: linux
   replicas: 3
+  securityContext:
+    fsGroup: 2000
+    runAsNonRoot: true
+    runAsUser: 1000
   serviceAccountName: alertmanager-main
   version: v0.15.3
diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml
index 94fd64dc250a0cb3bca49ebf760b30d44314590c..c16914b09a4bf8dbd1b368f52d96c4cd8db93832 100644
--- a/manifests/prometheus-prometheus.yaml
+++ b/manifests/prometheus-prometheus.yaml
@@ -22,6 +22,10 @@ spec:
     matchLabels:
       prometheus: k8s
       role: alert-rules
+  securityContext:
+    fsGroup: 2000
+    runAsNonRoot: true
+    runAsUser: 1000
   serviceAccountName: prometheus-k8s
   serviceMonitorNamespaceSelector: {}
   serviceMonitorSelector: {}