diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
index 07f5903..154b1d7 100644
--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@@ -7,6 +7,9 @@ spec:
     command:
     - sleep
     - infinity
+    securityContext:
+      readOnlyRootFilesystem: true
+      runAsUser: 1000
   - name: node
     image: docker.io/node:16-bullseye-slim
     command:
@@ -23,3 +26,4 @@ spec:
         cpu: 1.0
     securityContext:
       readOnlyRootFilesystem: true
+      runAsUser: 1000