diff --git a/test/e2e/util/k8s/deployment.go b/test/e2e/util/k8s/deployment.go
index bfa1252a28..eb4a811376 100644
--- a/test/e2e/util/k8s/deployment.go
+++ b/test/e2e/util/k8s/deployment.go
@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/vmware-tanzu/velero/pkg/util/boolptr"
 	"golang.org/x/net/context"
 	apps "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
@@ -59,11 +60,28 @@ func NewDeployment(name, ns string, replicas int32, labels map[string]string) *a
 				Labels: labels,
 			},
 			Spec: v1.PodSpec{
+				SecurityContext: &v1.PodSecurityContext{
+					FSGroup:             func(i int64) *int64 { return &i }(65534),
+					FSGroupChangePolicy: func(policy v1.PodFSGroupChangePolicy) *v1.PodFSGroupChangePolicy { return &policy }(v1.FSGroupChangeAlways),
+				},
 				Containers: []v1.Container{
 					{
 						Name:    name,
 						Image:   "gcr.io/velero-gcp/busybox:latest",
 						Command: []string{"sleep", "1000000"},
+						// Make pod obeys the restricted pod security standards.
+						SecurityContext: &v1.SecurityContext{
+							AllowPrivilegeEscalation: boolptr.False(),
+							Capabilities: &v1.Capabilities{
+								Drop: []v1.Capability{"ALL"},
+							},
+							RunAsNonRoot: boolptr.True(),
+							RunAsUser:    func(i int64) *int64 { return &i }(65534),
+							RunAsGroup:   func(i int64) *int64 { return &i }(65534),
+							SeccompProfile: &v1.SeccompProfile{
+								Type: v1.SeccompProfileTypeRuntimeDefault,
+							},
+						},
 					},
 				},
 			},
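Review bot: The same immediately-invoked closure `func(i int64) *int64 { return &i }(65534)` is spelled out three times in the second hunk (`FSGroup`, `RunAsUser`, `RunAsGroup`), and a fourth closure does the same job for `FSGroupChangePolicy`; a one-line package helper such as `func int64Ptr(i int64) *int64 { return &i }` (or a generic pointer helper if the module already has one) reads better and keeps the call sites short, e.g. `RunAsUser: int64Ptr(65534),`. The uid/gid literal 65534 appears three times with no explanation; a named constant such as `const nobodyID int64 = 65534` would record why that value was chosen (it is conventionally the nobody/nogroup id on Linux, which is presumably the intent here). The new comment has a grammar slip and should read `// Make the pod obey the restricted pod security standard.` The import hunk only adds the boolptr package and needs no change. NewDeployment's body continues outside the hunk.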