diff --git a/test/e2e/node_feature_discovery.go b/test/e2e/node_feature_discovery.go
index 141215445..f166ca3e7 100644
--- a/test/e2e/node_feature_discovery.go
+++ b/test/e2e/node_feature_discovery.go
@@ -38,9 +38,8 @@ import (
 e2elog "k8s.io/kubernetes/test/e2e/framework/log"
 e2enetwork "k8s.io/kubernetes/test/e2e/framework/network"
 e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
- nfdclient "sigs.k8s.io/node-feature-discovery/pkg/generated/clientset/versioned"
-
 nfdv1alpha1 "sigs.k8s.io/node-feature-discovery/pkg/apis/nfd/v1alpha1"
+ nfdclient "sigs.k8s.io/node-feature-discovery/pkg/generated/clientset/versioned"
 "sigs.k8s.io/node-feature-discovery/source/custom"
 testutils "sigs.k8s.io/node-feature-discovery/test/e2e/utils"
 )
diff --git a/test/e2e/topology_updater.go b/test/e2e/topology_updater.go
index 266625be2..42afbdd28 100644
--- a/test/e2e/topology_updater.go
+++ b/test/e2e/topology_updater.go
@@ -36,6 +36,7 @@ import (
 "k8s.io/kubernetes/test/e2e/framework"
 "k8s.io/kubernetes/test/e2e/framework/kubelet"
 e2enetwork "k8s.io/kubernetes/test/e2e/framework/network"
+ admissionapi "k8s.io/pod-security-admission/api"
 testutils "sigs.k8s.io/node-feature-discovery/test/e2e/utils"
 )
@@ -51,7 +52,7 @@ var _ = SIGDescribe("Node Feature Discovery topology updater", func() {
 )
 f := framework.NewDefaultFramework("node-topology-updater")
-
+ f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
 BeforeEach(func() {
 var err error
diff --git a/test/e2e/utils/pod.go b/test/e2e/utils/pod.go
index 8726f41df..fd6c0c43e 100644
--- a/test/e2e/utils/pod.go
+++ b/test/e2e/utils/pod.go
@@ -203,6 +203,8 @@ func newDaemonSet(name string, podSpec *corev1.PodSpec) *appsv1.DaemonSet {
 }
 func nfdWorkerPodSpec(image string, extraArgs []string) *corev1.PodSpec {
+ yes := true
+ no := false
 return &corev1.PodSpec{
 Containers: []corev1.Container{
 {
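Review bot: In test/e2e/topology_updater.go the new `f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged` line exempts every pod the suite creates in its namespace from Pod Security admission checks, and nothing on the page records why the suite needs that. A one-line comment above it would stop the exemption from being copied into suites that do not need it, for example `// topology-updater pods need host access that baseline/restricted admission rejects`; that reason is inferred from the suite name and should be confirmed against the pod spec the suite deploys. The blank line that separated the framework setup from `BeforeEach` is also dropped by this hunk and is worth keeping. The SIGDescribe closure continues outside the hunk.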
@@ -221,6 +223,15 @@ func nfdWorkerPodSpec(image string, extraArgs []string) *corev1.PodSpec {
 },
 },
 },
+ SecurityContext: &corev1.SecurityContext{
+ Capabilities: &corev1.Capabilities{
+ Drop: []corev1.Capability{"ALL"},
+ },
+ Privileged: &no,
+ RunAsNonRoot: &yes,
+ ReadOnlyRootFilesystem: &yes,
+ AllowPrivilegeEscalation: &no,
+ },
 VolumeMounts: []corev1.VolumeMount{
 {
 Name: "host-boot",
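Review bot: The container `SecurityContext` added to nfdWorkerPodSpec sets no `SeccompProfile`, which the Pod Security "restricted" level requires in addition to the fields already set here. If the goal is for the worker pod to be admitted under that level, add `SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault},` to the struct. `RunAsNonRoot: &yes` without a `RunAsUser` also relies on the test image declaring a numeric non-root user, otherwise the kubelet refuses to start the container; the image is not visible here, so that needs checking. The `host-boot` mount just below suggests hostPath volumes, which baseline and restricted admission reject regardless of this context, so a comment stating which enforce level this spec is meant to satisfy would help. nfdWorkerPodSpec's body continues outside the hunk.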