diff --git a/k8s/deployments.yaml b/k8s/deployments.yaml
index 36be384..132aee7 100644
--- a/k8s/deployments.yaml
+++ b/k8s/deployments.yaml
@@ -12,10 +12,6 @@ spec:
       labels:
         app: astrojs
     spec:
-      securityContext:
-        runAsGroup: 1001
-        runAsNonRoot: true
-        runAsUser: 1001
       imagePullSecrets:
         - name: registry-auth
       initContainers:
@@ -25,14 +21,16 @@ spec:
             - chown
             - 1001:1001
             - /app/cache
-          securityContext:
-            runAsNonRoot: false
           volumeMounts:
           - name: cache
             mountPath: "/app/cache"
       containers:
         - name: web
           image: registry.k8s.astropenguin.net/astrojs:2022.03.15.04
+          securityContext:
+            runAsGroup: 1001
+            runAsNonRoot: true
+            runAsUser: 1001
           env:
             - name: FLASK_DEBUG
               value: "0"
@@ -47,6 +45,10 @@ spec:
           image: redis:6.0.8-alpine
         - name: compiler
           image: registry.k8s.astropenguin.net/astrojs:2022.03.15.04
+          securityContext:
+            runAsGroup: 1001
+            runAsNonRoot: true
+            runAsUser: 1001
           env:
             - name: RUN_MODE
               value: "tasks"