diff --git a/charts/mastodon/tests/__snapshot__/50_sidekiq_test.yaml.snap b/charts/mastodon/tests/__snapshot__/50_sidekiq_test.yaml.snap
index f079b253891faf7ee063260a0aa41f9396da8f19..aae9120646d81f6394b5a5b1a4c98b88fd8c7de5 100644
--- a/charts/mastodon/tests/__snapshot__/50_sidekiq_test.yaml.snap
+++ b/charts/mastodon/tests/__snapshot__/50_sidekiq_test.yaml.snap
@@ -64,7 +64,6 @@ should match basic snapshot:
           annotations:
             checksum/config-configmap: 6171320454845e8c5c867b5db63251ff95089e25c0200ca8f72d6bb9f6535726
             checksum/config-secrets: c0d40e352ffcd2127af550b605bb0464640cd2960d007d940960d3d69d3c6aa4
-            rollme: "0"
           labels:
             app.kubernetes.io/component: sidekiq-all-queues
             app.kubernetes.io/instance: RELEASE-NAME
@@ -117,9 +116,13 @@ should match basic snapshot:
                 - mountPath: /opt/mastodon/public/system
                   name: system
           securityContext:
+            allowPrivilegeEscalation: false
             fsGroup: 991
             runAsGroup: 991
+            runAsNonRoot: true
             runAsUser: 991
+            seccompProfile:
+              type: RuntimeDefault
           serviceAccountName: RELEASE-NAME-mastodon
           volumes:
             - name: assets
diff --git a/charts/mastodon/tests/__snapshot__/50_web_test.yaml.snap b/charts/mastodon/tests/__snapshot__/50_web_test.yaml.snap
index 5f28d6107aab30bfc2f6c416b08207de256fbca2..9cdc3e704f3ac05b94ad437d2f27a0851cd56541 100644
--- a/charts/mastodon/tests/__snapshot__/50_web_test.yaml.snap
+++ b/charts/mastodon/tests/__snapshot__/50_web_test.yaml.snap
@@ -60,7 +60,6 @@ should match basic snapshot:
           annotations:
             checksum/config-configmap: 6171320454845e8c5c867b5db63251ff95089e25c0200ca8f72d6bb9f6535726
             checksum/config-secrets: c0d40e352ffcd2127af550b605bb0464640cd2960d007d940960d3d69d3c6aa4
-            rollme: "0"
           labels:
             app.kubernetes.io/component: web
             app.kubernetes.io/instance: RELEASE-NAME
@@ -121,9 +120,13 @@ should match basic snapshot:
                 - mountPath: /opt/mastodon/public/system
                   name: system
           securityContext:
+            allowPrivilegeEscalation: false
             fsGroup: 991
             runAsGroup: 991
+            runAsNonRoot: true
             runAsUser: 991
+            seccompProfile:
+              type: RuntimeDefault
           serviceAccountName: RELEASE-NAME-mastodon
           volumes:
             - name: assets
diff --git a/charts/mastodon/tests/__snapshot__/98_snapshot_test.yaml.snap b/charts/mastodon/tests/__snapshot__/98_snapshot_test.yaml.snap
index 17307d37446fd2c616dfd629f190ee58f85a9a91..185f24a63fb08a85812be043485b44cac9288ca6 100644
--- a/charts/mastodon/tests/__snapshot__/98_snapshot_test.yaml.snap
+++ b/charts/mastodon/tests/__snapshot__/98_snapshot_test.yaml.snap
@@ -132,7 +132,6 @@ should match basic snapshot:
           annotations:
             checksum/config-configmap: 6171320454845e8c5c867b5db63251ff95089e25c0200ca8f72d6bb9f6535726
             checksum/config-secrets: c0d40e352ffcd2127af550b605bb0464640cd2960d007d940960d3d69d3c6aa4
-            rollme: "0"
           labels:
             app.kubernetes.io/component: sidekiq-all-queues
             app.kubernetes.io/instance: RELEASE-NAME
@@ -185,9 +184,13 @@ should match basic snapshot:
                 - mountPath: /opt/mastodon/public/system
                   name: system
           securityContext:
+            allowPrivilegeEscalation: false
             fsGroup: 991
             runAsGroup: 991
+            runAsNonRoot: true
             runAsUser: 991
+            seccompProfile:
+              type: RuntimeDefault
           serviceAccountName: RELEASE-NAME-mastodon
           volumes:
             - name: assets
@@ -219,7 +222,6 @@ should match basic snapshot:
           annotations:
             checksum/config-configmap: 6171320454845e8c5c867b5db63251ff95089e25c0200ca8f72d6bb9f6535726
             checksum/config-secrets: c0d40e352ffcd2127af550b605bb0464640cd2960d007d940960d3d69d3c6aa4
-            rollme: "0"
           labels:
             app.kubernetes.io/component: streaming
             app.kubernetes.io/instance: RELEASE-NAME
@@ -263,9 +265,13 @@ should match basic snapshot:
                   path: /api/v1/streaming/health
                   port: streaming
           securityContext:
+            allowPrivilegeEscalation: false
             fsGroup: 991
             runAsGroup: 991
+            runAsNonRoot: true
             runAsUser: 991
+            seccompProfile:
+              type: RuntimeDefault
           serviceAccountName: RELEASE-NAME-mastodon
   5: |
     apiVersion: apps/v1
@@ -291,7 +297,6 @@ should match basic snapshot:
           annotations:
             checksum/config-configmap: 6171320454845e8c5c867b5db63251ff95089e25c0200ca8f72d6bb9f6535726
             checksum/config-secrets: c0d40e352ffcd2127af550b605bb0464640cd2960d007d940960d3d69d3c6aa4
-            rollme: "0"
           labels:
             app.kubernetes.io/component: web
             app.kubernetes.io/instance: RELEASE-NAME
@@ -352,9 +357,13 @@ should match basic snapshot:
                 - mountPath: /opt/mastodon/public/system
                   name: system
           securityContext:
+            allowPrivilegeEscalation: false
             fsGroup: 991
             runAsGroup: 991
+            runAsNonRoot: true
             runAsUser: 991
+            seccompProfile:
+              type: RuntimeDefault
           serviceAccountName: RELEASE-NAME-mastodon
           volumes:
             - name: assets