diff --git a/kitchen/kitchen.yaml b/kitchen/kitchen.yaml
index 789b43d..d955e1e 100644
--- a/kitchen/kitchen.yaml
+++ b/kitchen/kitchen.yaml
@@ -42,11 +42,17 @@ spec:
 ports:
 - containerPort: 8000
 name: http
+ securityContext:
+ readOnlyRootFilesystem: true
 volumeMounts:
 - name: config
 mountPath: /kitchen.yaml
 subPath: config.yaml
 readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 17402
+ runAsGroup: 17402
 volumes:
 - name: config
 secret:
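Review bot: The container-level `securityContext` added after `name: http` sets only `readOnlyRootFilesystem: true`, so privilege escalation and Linux capabilities stay at their runtime defaults; the non-root UID/GID in the second block does not by itself set no-new-privileges for the process. I would add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to that container block, and `seccompProfile: {type: RuntimeDefault}` to the second block, which appears to be pod-level given its position just before `volumes:` (indentation is not recoverable from this view). Because the root filesystem is now read-only and the only mount visible here is the read-only config file, confirm the service on port 8000 writes no temp or cache files, or mount an `emptyDir` for them. The pod spec starts before and continues after this hunk, so settings outside it were not reviewed.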