diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
index 8f70486c816e5edf9ad3812e2160f6341d6f47de..c5934732b172db290e3858b045d425938f3864f5 100644
--- a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
+++ b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
@@ -35,6 +35,7 @@ local containerPort = container.portsType;
         spec+: {
           containers+: [
             container.new(krp.config.kubeRbacProxy.name, krp.config.kubeRbacProxy.image) +
+            container.mixin.securityContext.withRunAsUser(65534) +	    
             container.withArgs([
               '--logtostderr',
               '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress,
diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml
index 7fdfc6f337757c992ad31a6d168d6c2bcb9b0f81..325e24b72169c47857820d7604fa245acbcd67ce 100644
--- a/manifests/kube-state-metrics-deployment.yaml
+++ b/manifests/kube-state-metrics-deployment.yaml
@@ -37,6 +37,8 @@ spec:
         ports:
         - containerPort: 8443
           name: https-main
+        securityContext:
+          runAsUser: 65534
       - args:
         - --logtostderr
         - --secure-listen-address=:9443
@@ -47,6 +49,8 @@ spec:
         ports:
         - containerPort: 9443
           name: https-self
+        securityContext:
+          runAsUser: 65534
       nodeSelector:
         kubernetes.io/os: linux
       serviceAccountName: kube-state-metrics