diff --git a/Dockerfile b/Dockerfile
index 2da7fcb48..bbbaf1bc0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,8 +41,6 @@ RUN apk add --no-cache ca-certificates tini
 COPY --from=builder /workspace/helm-controller /usr/local/bin/
-RUN addgroup -S controller && adduser -S controller -G controller
-
-USER controller
+USER 65534:65534
 ENTRYPOINT [ "/sbin/tini", "--", "helm-controller" ]
diff --git a/config/manager/deployment.yaml b/config/manager/deployment.yaml
index 0619b9000..663088dde 100644
--- a/config/manager/deployment.yaml
+++ b/config/manager/deployment.yaml
@@ -25,6 +25,11 @@ spec:
 securityContext:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: RuntimeDefault
 ports:
 - containerPort: 8080
 name: http-prom
diff --git a/go.mod b/go.mod
index 124135e2e..5a8f6a687 100644
--- a/go.mod
+++ b/go.mod
@@ -19,6 +19,7 @@ require (
 github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940 // indirect
 github.com/yvasiyarov/gorelic v0.0.7 // indirect
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20160601141957-9c099fbc30e9 // indirect
+ golang.org/x/text v0.3.7 // indirect
 helm.sh/helm/v3 v3.7.1
 k8s.io/api v0.23.1
 k8s.io/apiextensions-apiserver v0.23.1
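Review bot: The new `USER 65534:65534` line has no comment explaining why a numeric UID:GID replaced the named `controller` account, so a later cleanup could easily revert it to a name. The `runAsNonRoot: true` added in config/manager/deployment.yaml in this same commit can only be verified by the kubelet when the image declares a numeric user; with a named user the container is refused at start. I would add `# Numeric UID:GID so the kubelet can verify runAsNonRoot; keep in sync with config/manager/deployment.yaml` above the line. Note also that 65534 is the conventional shared `nobody` identity, so anything on a mounted volume owned by that UID is not exclusive to this controller.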
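Review bot: `runAsNonRoot`, the capability drop and `seccompProfile` are set only in this container's `securityContext`, so a sidecar or init container added to the pod later would start without them. The pod-level `securityContext` is outside this hunk; if it does not already set them, I would add `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` there too and keep the container block for the per-container fields (`capabilities`, `allowPrivilegeEscalation`, `readOnlyRootFilesystem`). A short comment next to `runAsNonRoot: true`, such as `# requires the image to declare a numeric USER (see Dockerfile)`, would document the dependency on the image. The container spec continues past the end of the hunk.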