diff --git a/ollama/justfile b/ollama/justfile
index 534924c..3fb55ab 100644
--- a/ollama/justfile
+++ b/ollama/justfile
@@ -29,6 +29,12 @@ create-namespace:
 if ! kubectl get namespace ${OLLAMA_NAMESPACE} &>/dev/null; then
 kubectl create namespace ${OLLAMA_NAMESPACE}
 fi
+ kubectl label namespace ${OLLAMA_NAMESPACE} \
+ pod-security.kubernetes.io/enforce=restricted \
+ pod-security.kubernetes.io/enforce-version=latest \
+ pod-security.kubernetes.io/warn=restricted \
+ pod-security.kubernetes.io/warn-version=latest \
+ --overwrite
 # Delete Ollama namespace
 delete-namespace:
diff --git a/ollama/values.gomplate.yaml b/ollama/values.gomplate.yaml
index 22462c4..e7c6f18 100644
--- a/ollama/values.gomplate.yaml
+++ b/ollama/values.gomplate.yaml
@@ -19,6 +19,21 @@ ollama:
 {{- end }}
 {{- end }}
+podSecurityContext:
+ fsGroup: 1000
+ seccompProfile:
+ type: RuntimeDefault
+
+securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+
 persistentVolume:
 enabled: true
 size: {{ .Env.OLLAMA_STORAGE_SIZE }}
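Review bot: The added labels set `enforce` and `warn` but not `audit`, and both versions are `latest`, so what the namespace rejects will shift with each cluster upgrade rather than with a change to this file. Pinning the version to the cluster's minor release (for example `pod-security.kubernetes.io/enforce-version=v<cluster minor>`) and adding `pod-security.kubernetes.io/audit=restricted` would make the policy reproducible and leave a record in the API audit log. Because the label command runs with `--overwrite` on every invocation, it also hits a namespace that already holds pods; enforcement only applies to newly created pods, so existing workloads keep running until they are recreated, and a prior `kubectl label --dry-run=server` run shows which of them would be rejected. The create-namespace recipe begins above the hunk, so its shell options are not visible here.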
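Review bot: The container `securityContext` sets `runAsUser: 1000` but no `runAsGroup`, and Kubernetes uses GID 0 as the primary group when that field is omitted, so the process would still belong to the root group. Adding `runAsGroup: 1000` next to `runAsUser` keeps it consistent with `fsGroup: 1000` in `podSecurityContext`. `readOnlyRootFilesystem: true` is also absent; the restricted profile does not require it, but it is worth setting if every path the image writes to is covered by the persistent volume or an emptyDir, which cannot be confirmed from this hunk. Whether the image can actually run as UID 1000 and reach its model directory is likewise not visible here and should be checked after the rollout.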