diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
index bddba4744e..e940b1c2f7 100644
--- a/cinder/templates/deployment-api.yaml
+++ b/cinder/templates/deployment-api.yaml
@@ -73,8 +73,7 @@ spec:
 - name: cinder-api
 {{ tuple $envAll "cinder_api" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- securityContext:
- allowPrivilegeEscalation: false
+{{ dict "envAll" $envAll "application" "cinder" "container" "cinder-api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - /tmp/cinder-api.sh
 - start
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
index de63418b39..fdce03a9b6 100644
--- a/cinder/templates/deployment-backup.yaml
+++ b/cinder/templates/deployment-backup.yaml
@@ -130,6 +130,7 @@ spec:
 - name: cinder-backup
 {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "cinder" "container" "cinder-backup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 securityContext:
 capabilities:
 add:
diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml
index ee72b9cb7e..992883bb51 100644
--- a/cinder/templates/deployment-scheduler.yaml
+++ b/cinder/templates/deployment-scheduler.yaml
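Review bot: The container name handed to the snippet is hyphenated (`"container" "cinder-api"`) while the matching keys added to values.yaml in this same change are underscored (`cinder_api`), so the lookup only works if `helm-toolkit.snippets.kubernetes_container_security_context` normalizes `-` to `_`; confirm that against the snippet, because a missed lookup would render the container with no securityContext at all and silently lose the `allowPrivilegeEscalation: false` this hunk removes from the template. The same applies to the deployment-scheduler.yaml and deployment-volume.yaml hunks. Since the rendered securityContext is now entirely values-driven, add a `# securityContext is rendered from .Values.pod.security_context.cinder.container.cinder_api` comment beside the include, and back it with a `helm template` check that the rendered cinder-api container still carries `allowPrivilegeEscalation: false`.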
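Review bot: The included snippet is placed directly above the container's existing hard-coded `securityContext:`/`capabilities:` block, so if the snippet emits its own `securityContext:` key (as its name suggests) the rendered container mapping carries that key twice; depending on the YAML loader that is either a render or validation failure or a silent last-wins merge in which the values-driven `readOnlyRootFilesystem`/`allowPrivilegeEscalation` settings for cinder-backup are discarded. Move the capability entries into `pod.security_context.cinder.container.cinder_backup` in values.yaml and delete the hard-coded block here, so exactly one securityContext is rendered from one source. The capability list itself continues past the end of this hunk, so its contents are not visible here.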
@@ -72,8 +72,7 @@ spec:
 - name: cinder-scheduler
 {{ tuple $envAll "cinder_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- securityContext:
- allowPrivilegeEscalation: false
+{{ dict "envAll" $envAll "application" "cinder" "container" "cinder-scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - /tmp/cinder-scheduler.sh
 volumeMounts:
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
index 299cee9f0f..a34b4532db 100644
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@@ -94,8 +94,7 @@ spec:
 - name: cinder-volume
 {{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.volume | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- securityContext:
- allowPrivilegeEscalation: true
+{{ dict "envAll" $envAll "application" "cinder" "container" "cinder-volume" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - /tmp/cinder-volume.sh
 volumeMounts:
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 2dcdb1bd46..a879e1f211 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -77,9 +77,23 @@ jobs:
 failed: 1
 pod:
- user:
+ security_context:
 cinder:
- uid: 42424
+ pod:
+ runAsUser: 42424
+ container:
+ cinder_api:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ cinder_backup:
+ redOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ cinder_scheduler:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ cinder_volume:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 affinity:
 anti:
 type:
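Review bot: For cinder-volume the removed template line carried `allowPrivilegeEscalation: true`, while the new default this change introduces in values.yaml (`cinder_volume.allowPrivilegeEscalation: false`) flips it to false, and nothing in the diff records that this tightening is deliberate or which backends still need the old value. Add a comment on the values entry, e.g. `# was allowPrivilegeEscalation: true in the template; backends that require it must override this key`, so operators see the stricter default instead of discovering it from a failing volume service. `readOnlyRootFilesystem: true` is also newly enforced for this container; any path the volume script writes to must be backed by a writable mount, which is outside what this hunk shows.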
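Review bot: `redOnlyRootFilesystem: true` under `cinder_backup` is a typo for `readOnlyRootFilesystem`; if the snippet renders this mapping into the container's securityContext verbatim, the unknown field is either rejected by server-side field validation or silently dropped, and in both cases cinder-backup ends up without the read-only root filesystem the other three containers get. Change it to `readOnlyRootFilesystem: true`. This hunk also renames `pod.user.cinder.uid` to `pod.security_context.cinder.pod.runAsUser`; any template still reading `.Values.pod.user.cinder.uid` for the pod-level securityContext would no longer render, and no such template update is visible in this diff, so confirm the consumers were updated in the same change.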