diff --git a/docker/app/Dockerfile b/docker/app/Dockerfile
index 70dbc37eb..3933da75d 100644
--- a/docker/app/Dockerfile
+++ b/docker/app/Dockerfile
@@ -8,5 +8,9 @@ FROM alpine:latest
 RUN apk --no-cache add \
 ca-certificates
 COPY --from=0 /go/src/github.com/spotahome/redis-operator/bin/linux/redis-operator /usr/local/bin
+RUN addgroup -g 1000 rf && \
+ adduser -D -u 1000 -G rf rf && \
+ chown rf:rf /usr/local/bin/redis-operator
+USER rf
 ENTRYPOINT ["/usr/local/bin/redis-operator"]
diff --git a/example/operator/all-redis-operator-resources.yaml b/example/operator/all-redis-operator-resources.yaml
index c04e4bee1..ef71cc427 100644
--- a/example/operator/all-redis-operator-resources.yaml
+++ b/example/operator/all-redis-operator-resources.yaml
@@ -21,6 +21,10 @@ spec:
 - image: quay.io/spotahome/redis-operator:latest
 imagePullPolicy: IfNotPresent
 name: app
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
 resources:
 limits:
 cpu: 100m
diff --git a/example/operator/operator.yaml b/example/operator/operator.yaml
index 049ac6b71..845719a8d 100644
--- a/example/operator/operator.yaml
+++ b/example/operator/operator.yaml
@@ -21,6 +21,10 @@ spec:
 - image: quay.io/spotahome/redis-operator:latest
 imagePullPolicy: IfNotPresent
 name: app
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
 resources:
 limits:
 cpu: 100m
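Review bot: In docker/app/Dockerfile the added `chown rf:rf /usr/local/bin/redis-operator` hands ownership of the binary to the account the process runs as, so the operator process can overwrite its own executable wherever the root filesystem is not mounted read-only. The runtime user only needs read and execute, so, assuming the build stage leaves the binary world-executable, the step can shrink to `RUN addgroup -g 1000 rf && \` followed by `adduser -D -u 1000 -G rf rf`, which also avoids a second copy of the binary in the chown layer. `USER rf` is a name rather than a UID, and the kubelet cannot verify `runAsNonRoot: true` against a non-numeric image user unless `runAsUser` is also set, so `USER 1000:1000` is the safer form for deployments that do not copy the example manifests. The stage begins above the hunk; the hunk header shows it starting from `FROM alpine:latest`, an unpinned base.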
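Review bot: The container `securityContext` added in example/operator/all-redis-operator-resources.yaml, and the identical hunk in example/operator/operator.yaml, sets the user and a read-only root filesystem but leaves privilege escalation and the default Linux capability set untouched. The operator presumably needs neither, so I would add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` under the same key. `runAsUser: 1000` silently depends on the UID created in docker/app/Dockerfile and deserves a comment such as `# must match the UID of user rf in docker/app/Dockerfile`. With `readOnlyRootFilesystem: true` it is worth confirming the operator writes no temporary files, since no writable volume is visible here; the container spec starts and ends outside the hunk.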