diff --git a/nfd-daemonset-combined.yaml.template b/nfd-daemonset-combined.yaml.template
index 8d77bd57d..0074d8f5e 100644
--- a/nfd-daemonset-combined.yaml.template
+++ b/nfd-daemonset-combined.yaml.template
@@ -64,6 +64,12 @@ spec:
fieldPath: spec.nodeName
image: quay.io/kubernetes_incubator/node-feature-discovery:v0.5.0
name: nfd-master
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
command:
- "nfd-master"
- env:
@@ -73,6 +79,12 @@ spec:
fieldPath: spec.nodeName
image: quay.io/kubernetes_incubator/node-feature-discovery:v0.5.0
name: nfd-worker
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
command:
- "nfd-worker"
args:
diff --git a/nfd-master.yaml.template b/nfd-master.yaml.template
index 5057ac025..4891f2e19 100644
--- a/nfd-master.yaml.template
+++ b/nfd-master.yaml.template
@@ -79,6 +79,12 @@ spec:
fieldPath: spec.nodeName
image: quay.io/kubernetes_incubator/node-feature-discovery:v0.5.0
name: nfd-master
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
command:
- "nfd-master"
## Enable TLS authentication
diff --git a/nfd-worker-daemonset.yaml.template b/nfd-worker-daemonset.yaml.template
index dd3d23e01..1579b21d6 100644
--- a/nfd-worker-daemonset.yaml.template
+++ b/nfd-worker-daemonset.yaml.template
@@ -23,6 +23,12 @@ spec:
fieldPath: spec.nodeName
image: quay.io/kubernetes_incubator/node-feature-discovery:v0.5.0
name: nfd-worker
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
command:
- "nfd-worker"
args:
diff --git a/nfd-worker-job.yaml.template b/nfd-worker-job.yaml.template
index e3db89aed..e962b9694 100644
--- a/nfd-worker-job.yaml.template
+++ b/nfd-worker-job.yaml.template
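Review bot: `runAsNonRoot: true` is added without a `runAsUser`, so whether the pod starts now depends entirely on the USER baked into the v0.5.0 image — if that image defaults to UID 0, the kubelet refuses to create the container (CreateContainerConfigError) instead of silently falling back. Either confirm the image's default user is non-root or pin it in the same stanza with `runAsUser: <NON_ROOT_UID>` and `runAsGroup: <NON_ROOT_GID>` (placeholders; take the values from the image). `readOnlyRootFilesystem: true` also moves failures to runtime rather than admission: if either binary writes temp or cache files under `/`, mount an `emptyDir` at that path, which is best verified by running the worker and master once with these settings. The identical stanza is repeated in the second hunk of this file and in nfd-master.yaml.template, nfd-worker-daemonset.yaml.template and nfd-worker-job.yaml.template, so the same check applies to each; the enclosing container spec begins outside the hunk.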
@@ -32,6 +32,12 @@ spec:
fieldPath: spec.nodeName
image: quay.io/kubernetes_incubator/node-feature-discovery:v0.5.0
name: nfd-worker
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
command:
- "nfd-worker"
args: