diff --git a/chart/keel/templates/deployment.yaml b/chart/keel/templates/deployment.yaml
index ee06557c..241042a1 100644
--- a/chart/keel/templates/deployment.yaml
+++ b/chart/keel/templates/deployment.yaml
@@ -24,6 +24,7 @@ spec:
 {{ toYaml . | indent 8 }}
 {{- end }}
     spec:
+      securityContext: {{ .Values.securityContext | toYaml | nindent 8 }}
       serviceAccountName: {{ template "serviceAccount.name" . }}
 {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
diff --git a/chart/keel/values.yaml b/chart/keel/values.yaml
index f1cecf43..a35ee324 100644
--- a/chart/keel/values.yaml
+++ b/chart/keel/values.yaml
@@ -191,6 +191,9 @@ affinity: {}
 
 tolerations: {}
 
+# https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+securityContext: {}
+
 # base64 encoded json of GCP service account
 # more info available here: https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
 # e.g. --set googleApplicationCredentials=$(cat <JSON_KEY_FIEL> | base64)