diff --git a/examples/autosharding/statefulset.yaml b/examples/autosharding/statefulset.yaml
index 29cf1b3196..34709b4803 100644
--- a/examples/autosharding/statefulset.yaml
+++ b/examples/autosharding/statefulset.yaml
@@ -59,7 +59,10 @@ spec:
 drop:
 - ALL
 readOnlyRootFilesystem: true
+ runAsNonRoot: true
 runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
 nodeSelector:
 kubernetes.io/os: linux
 serviceAccountName: kube-state-metrics
diff --git a/examples/daemonsetsharding/daemonset.yaml b/examples/daemonsetsharding/daemonset.yaml
index 54106a6e80..67a9c7fa1c 100644
--- a/examples/daemonsetsharding/daemonset.yaml
+++ b/examples/daemonsetsharding/daemonset.yaml
@@ -54,7 +54,10 @@ spec:
 drop:
 - ALL
 readOnlyRootFilesystem: true
+ runAsNonRoot: true
 runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
 nodeSelector:
 kubernetes.io/os: linux
 serviceAccountName: kube-state-metrics
diff --git a/examples/daemonsetsharding/deployment.yaml b/examples/daemonsetsharding/deployment.yaml
index a60e20a572..400efce0c0 100644
--- a/examples/daemonsetsharding/deployment.yaml
+++ b/examples/daemonsetsharding/deployment.yaml
@@ -48,7 +48,10 @@ spec:
 drop:
 - ALL
 readOnlyRootFilesystem: true
+ runAsNonRoot: true
 runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
 nodeSelector:
 kubernetes.io/os: linux
 serviceAccountName: kube-state-metrics
diff --git a/examples/standard/deployment.yaml b/examples/standard/deployment.yaml
index c34e9c811d..a6d60505ee 100644
--- a/examples/standard/deployment.yaml
+++ b/examples/standard/deployment.yaml
@@ -46,7 +46,10 @@ spec:
 drop:
 - ALL
 readOnlyRootFilesystem: true
+ runAsNonRoot: true
 runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
 nodeSelector:
 kubernetes.io/os: linux
 serviceAccountName: kube-state-metrics
diff --git a/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet
index 94cf3972bc..4ac16fbbc3 100644
--- a/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet
@@ -185,9 +185,11 @@
 ],
 securityContext: {
 runAsUser: 65534,
+ runAsNonRoot: true,
 allowPrivilegeEscalation: false,
 readOnlyRootFilesystem: true,
 capabilities: { drop: ['ALL'] },
+ seccompProfile: { type: 'RuntimeDefault' },
 },
 livenessProbe: { timeoutSeconds: 5, initialDelaySeconds: 5, httpGet: {
 port: 8080,
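Review bot: The container `securityContext` in this hunk still sets no `runAsGroup`, so the process's primary GID is whatever the image or the runtime default supplies, which can be 0 even though `runAsUser: 65534` and the new `runAsNonRoot: true` pin and check the UID. `runAsNonRoot` validates only the user ID, so adding `runAsGroup: 65534,` directly after `runAsUser: 65534,` would pin the group as well and keep the process out of the root group. The four example manifests earlier in this diff carry the same pair of added fields and presumably need the same line, but their `securityContext` starts outside those hunks, so that should be confirmed against the full files. The container definition itself begins and ends outside this hunk.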