diff --git a/core/src/plugins/kubernetes/container/deployment.ts b/core/src/plugins/kubernetes/container/deployment.ts
index f02de23104..213913c644 100644
--- a/core/src/plugins/kubernetes/container/deployment.ts
+++ b/core/src/plugins/kubernetes/container/deployment.ts
@@ -401,7 +401,7 @@ export async function createWorkloadManifest({
 resources: getResourceRequirements({ cpu, memory }, limits),
 imagePullPolicy: "IfNotPresent",
 securityContext: {
- allowPrivilegeEscalation: false,
+ allowPrivilegeEscalation: spec.privileged || false,
 ...getSecurityContext(spec.privileged, spec.addCapabilities, spec.dropCapabilities),
 },
 }
diff --git a/core/test/integ/src/plugins/kubernetes/container/deployment.ts b/core/test/integ/src/plugins/kubernetes/container/deployment.ts
index 205e19c3f2..34f0ffbac3 100644
--- a/core/test/integ/src/plugins/kubernetes/container/deployment.ts
+++ b/core/test/integ/src/plugins/kubernetes/container/deployment.ts
@@ -198,7 +198,7 @@ describe("kubernetes container deployment handlers", () => {
 })
 expect(resource.spec.template?.spec?.containers[0].securityContext).to.eql({
- allowPrivilegeEscalation: false,
+ allowPrivilegeEscalation: true,
 privileged: true,
 capabilities: {
 add: ["SYS_TIME"],
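Review bot: In core/src/plugins/kubernetes/container/deployment.ts the new `allowPrivilegeEscalation: spec.privileged || false` line has no comment saying why the hardened default is relaxed, so a later cleanup could hard-code `false` again or widen it further. I would add above it `// Kubernetes rejects privileged: true together with allowPrivilegeEscalation: false, so only privileged containers get true; all others stay false.` The spread of `getSecurityContext(...)` comes after this key, so any `allowPrivilegeEscalation` that helper returned would override it; the helper is not visible here, so that is worth confirming. `createWorkloadManifest` starts and ends outside the hunk.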
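Review bot: In core/test/integ/src/plugins/kubernetes/container/deployment.ts the updated expectation pins only the `privileged: true` case, while the security-relevant branch is the default one, where `spec.privileged` is unset or false and `allowPrivilegeEscalation` must remain `false`. If no test outside this hunk already asserts that, a sibling case with `privileged` omitted and `expect(resource.spec.template?.spec?.containers[0].securityContext).to.include({ allowPrivilegeEscalation: false })` would catch a regression that loosens the default. The enclosing test block starts and ends outside the hunk.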