diff --git a/Dockerfile b/Dockerfile
index d0014f1..459a142 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,9 +3,11 @@ WORKDIR /go/src/github.com/deliveryhero/k8s-event-logger
 COPY main.go .
 RUN go get -d -v ./...
 RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main .
-
+RUN adduser --disabled-login --no-create-home --disabled-password --system --uid 101 non-root
 FROM alpine:3.9.3
 RUN apk --no-cache add ca-certificates
-WORKDIR /root/
+WORKDIR /
 COPY --from=0 /go/src/github.com/deliveryhero/k8s-event-logger/main k8s-event-logger
-CMD ["/root/k8s-event-logger"]
+USER 101
+ENV USER non-root
+CMD ["/k8s-event-logger"]
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index 8e1989c..8683b2b 100644
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -28,6 +28,9 @@ spec:
 - name: app
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
 env:
 {{- range $key, $value := .Values.env }}
 - name: {{ $key }}
diff --git a/chart/values.yaml b/chart/values.yaml
index c579645..a567c1e 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1,6 +1,6 @@
 image:
 repository: tools4k8s/k8s-event-logger
- tag: "1.2"
+ tag: "1.3"
 pullPolicy: IfNotPresent
 resources:
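Review bot: The added `RUN adduser … non-root` sits above `FROM alpine:3.9.3`, so it runs in the build stage and the account never reaches the final image; only the binary crosses over through `COPY --from=0`. `USER 101` still takes effect because it is numeric, but with no passwd entry for that uid the process keeps gid 0 (the root group), and `ENV USER non-root` names an account the image does not contain. I would drop the build-stage `adduser` and use `USER 101:101` in the final stage so the group is unprivileged as well. If a named account is wanted, create it in the Alpine stage with BusyBox syntax, e.g. `RUN adduser -S -D -H -u 101 non-root`. The first stage's `FROM` line is outside the hunk, so which adduser flavour the long options target cannot be confirmed from here.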
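Review bot: The new `securityContext` stops at `readOnlyRootFilesystem` and `runAsNonRoot`, which leaves privilege escalation and the runtime's default capability set in place for the `app` container. Judging by this diff the workload is a single static binary run as uid 101, so it should be safe to add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` next to the two new keys. Note also that `runAsNonRoot: true` depends on the image declaring a non-root `USER`, so a values override that points `image.tag` at a build from before this change will be refused at container start. That fail-closed behaviour is worth a line in the chart's documentation. The container spec continues past the end of the hunk.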