diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet
index f002e3c74a773be51cacd3e726aa9e8d8564a58b..72aec924107dbab3bd3d53dde672462bb82e7e3f 100644
--- a/jsonnet/kube-prometheus/components/grafana.libsonnet
+++ b/jsonnet/kube-prometheus/components/grafana.libsonnet
@@ -116,6 +116,9 @@ function(params)
         template+: {
           spec+: {
             automountServiceAccountToken: false,
+            securityContext+: {
+              runAsGroup: 65534,
+            },
           },
         },
       },
diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml
index d7a6a5fb8198d6ae74a1c3852fc7eef5c7281fd2..1b65b4c6b8ab66a6760069360411fc206ee195f9 100644
--- a/manifests/grafana-deployment.yaml
+++ b/manifests/grafana-deployment.yaml
@@ -152,6 +152,7 @@ spec:
         kubernetes.io/os: linux
       securityContext:
         fsGroup: 65534
+        runAsGroup: 65534
         runAsNonRoot: true
         runAsUser: 65534
       serviceAccountName: grafana