diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml
index 76b7f402d0b61663ae91ee44d8f815bb96f7ba42..27900a1ff2890d4bf7d8121d3f09022231c80a0d 100644
--- a/charts/supabase/values.yaml
+++ b/charts/supabase/values.yaml
@@ -195,15 +195,16 @@ studio:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 1000
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
     # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsUser: 1000
   service:
     type: ClusterIP
     port: 3000
@@ -448,15 +449,16 @@ realtime:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 65534
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsNonRoot: true
+    runAsUser: 65534
   service:
     type: ClusterIP
     port: 4000
@@ -878,15 +880,16 @@ analytics:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 65534
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
     # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsUser: 65534
   service:
     type: ClusterIP
     port: 4000
@@ -962,15 +965,16 @@ vector:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 65534
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
     # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsUser: 65534
   service:
     type: ClusterIP
     port: 9001
@@ -1029,15 +1033,16 @@ functions:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 65534
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
     # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsUser: 65534
   service:
     type: ClusterIP
     port: 9000