diff --git a/kubernetes/manifests/discord/bot/deployment.yaml b/kubernetes/manifests/discord/bot/deployment.yaml
index f4a1caa..a7dc79b 100644
--- a/kubernetes/manifests/discord/bot/deployment.yaml
+++ b/kubernetes/manifests/discord/bot/deployment.yaml
@@ -20,3 +20,12 @@ spec:
 envFrom:
 - secretRef:
 name: bot-env
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ runAsUser: 10000
+ runAsGroup: 10000
+ readOnlyRootFilesystem: true
diff --git a/kubernetes/manifests/dragonfly/client/deployment.yaml b/kubernetes/manifests/dragonfly/client/deployment.yaml
index 519aa3a..8d3eaf7 100644
--- a/kubernetes/manifests/dragonfly/client/deployment.yaml
+++ b/kubernetes/manifests/dragonfly/client/deployment.yaml
@@ -20,3 +20,12 @@ spec:
 envFrom:
 - secretRef:
 name: dragonfly-client-env
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ runAsUser: 10000
+ runAsGroup: 10000
+ readOnlyRootFilesystem: true
diff --git a/kubernetes/manifests/dragonfly/loader/cronjob.yaml b/kubernetes/manifests/dragonfly/loader/cronjob.yaml
new file mode 100644
index 0000000..eae7908
--- /dev/null
+++ b/kubernetes/manifests/dragonfly/loader/cronjob.yaml
@@ -0,0 +1,20 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ namespace: dragonfly
+ name: dragonfly-loader
+spec:
+ schedule: '* * * * *'
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: dragonfly-loader
+ image: ghcr.io/vipyrsec/dragonfly-loader:v1.0.1
+ imagePullPolicy: Always
+ envFrom:
+ - secretRef:
+ name: dragonfly-loader-env
+ restartPolicy: Never
diff --git a/kubernetes/manifests/dragonfly/loader/deployment.yaml b/kubernetes/manifests/dragonfly/loader/deployment.yaml
deleted file mode 100644
index a39a3aa..0000000
--- a/kubernetes/manifests/dragonfly/loader/deployment.yaml
+++ /dev/null
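Review bot: The added container `securityContext` in `discord/bot/deployment.yaml` sets no `seccompProfile`, so the container only gets syscall filtering if the kubelet is configured to default to the runtime profile; otherwise it runs unconfined, and the pod would not satisfy the "restricted" Pod Security Standard. Adding `seccompProfile:` with `type: RuntimeDefault` under the same `securityContext` closes that gap. Separately, `readOnlyRootFilesystem: true` is set but no writable volume is visible in the hunk, so if the process writes to a path such as `/tmp` it will fail at runtime; an `emptyDir` mount may be needed, which should be confirmed against the image. The same two points apply to the identical hunks in `dragonfly/client/deployment.yaml` and `dragonfly/mainframe/deployment.yaml`; in all three the container spec begins outside the hunk.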
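Review bot: The `dragonfly-loader` container in the new `cronjob.yaml` has no `securityContext`, although this commit hardens the three Deployments with one, so the loader still runs with the image's default user, its default capability set and a writable root filesystem. It reads `dragonfly-loader-env` from a Secret and runs every minute, so it deserves the same block as the other workloads, provided the image is confirmed to run as UID/GID 10000 with a read-only root. The image is also referenced by the mutable tag `v1.0.1` with `imagePullPolicy: Always`, so each run executes whatever that tag currently points to; pinning it as `image: ghcr.io/vipyrsec/dragonfly-loader@sha256:<digest>` would make the scheduled job reproducible.

```yaml
            - name: dragonfly-loader
              # … unchanged: image, imagePullPolicy, envFrom …
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                runAsNonRoot: true
                runAsUser: 10000
                runAsGroup: 10000
                readOnlyRootFilesystem: true
```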
@@ -1,20 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- namespace: dragonfly
- name: dragonfly-loader
-spec:
- schedule: "* * * * *"
- concurrencyPolicy: Forbid
- jobTemplate:
- spec:
- template:
- spec:
- containers:
- - name: dragonfly-loader
- image: ghcr.io/vipyrsec/dragonfly-loader:v1.0.1
- imagePullPolicy: Always
- envFrom:
- - secretRef:
- name: dragonfly-loader-env
- restartPolicy: Never
diff --git a/kubernetes/manifests/dragonfly/mainframe/deployment.yaml b/kubernetes/manifests/dragonfly/mainframe/deployment.yaml
index b138cc8..3acbc64 100644
--- a/kubernetes/manifests/dragonfly/mainframe/deployment.yaml
+++ b/kubernetes/manifests/dragonfly/mainframe/deployment.yaml
@@ -20,3 +20,12 @@ spec:
 envFrom:
 - secretRef:
 name: dragonfly-mainframe-env
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ runAsUser: 10000
+ runAsGroup: 10000
+ readOnlyRootFilesystem: true