diff --git a/infrastructure/monitoring/x509-exporter.yaml b/infrastructure/monitoring/x509-exporter.yaml
index 997ae98160a7eda8ec176a08051e15e84ac7a2a3..fab9695ca6b6c33f035450c66f4e85c9b3b6356a 100644
--- a/infrastructure/monitoring/x509-exporter.yaml
+++ b/infrastructure/monitoring/x509-exporter.yaml
@@ -28,6 +28,15 @@ spec:
       podAnnotations:
         prometheus.io/port: "9793"
         prometheus.io/scrape: "true"
+      securityContext:
+        capabilities:
+          drop:
+            - ALL
+          add:
+            - CAP_DAC_OVERRIDE
+        readOnlyRootFilesystem: true
+        runAsGroup: 0
+        runAsUser: 0
       daemonSets:
         cp:
           nodeSelector: