diff --git a/charts/kubernetes-etcd-backup/templates/cronjob.yaml b/charts/kubernetes-etcd-backup/templates/cronjob.yaml
index bd189587..808d513c 100644
--- a/charts/kubernetes-etcd-backup/templates/cronjob.yaml
+++ b/charts/kubernetes-etcd-backup/templates/cronjob.yaml
@@ -14,8 +14,7 @@ spec:
 template:
 spec:
 securityContext:
- runAsUser: 1000
- fsGroup: 1000
+ {{- toYaml .Values.podSecurityContext | nindent 12 }}
 containers:
 - command:
 - /bin/sh
@@ -23,6 +22,8 @@ spec:
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 14 }}
 envFrom:
 - configMapRef:
 name: {{ include "kubernetes-etcd-backup.fullname" . }}
@@ -43,6 +44,10 @@ spec:
 mountPath: /etc/kubernetes/pki/etcd-ca
 - name: volume-backup
 mountPath: /backup
+ {{- if and (.Values.persistence.s3.enabled) (.Values.persistence.s3.ca.enabled) }}
+ - name: s3-ca
+ mountPath: /etc/pki/ca-trust/source/anchors
+ {{- end }}
 {{- if .Values.extraVolumeMounts }}
 {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
 {{- end }}
@@ -54,6 +59,11 @@ spec:
 - name: etcd-server-ca
 secret:
 secretName: {{ .Values.etcdCertification.etcdServerCaName }}
+ {{- if and (.Values.persistence.s3.enabled) (.Values.persistence.s3.ca.enabled) }}
+ - name: s3-ca
+ secret:
+ secretName: {{ .Values.persistence.s3.ca.secretName }}
+ {{- end }}
 - name: volume-backup
 {{- if .Values.persistence.nfs.enabled }}
 nfs:
diff --git a/charts/kubernetes-etcd-backup/values.yaml b/charts/kubernetes-etcd-backup/values.yaml
index 8f137039..f054e065 100644
--- a/charts/kubernetes-etcd-backup/values.yaml
+++ b/charts/kubernetes-etcd-backup/values.yaml
@@ -71,6 +71,9 @@ persistence:
 secretKey: mysupersecretkey
 # -- S3 use an existing Secret instead of creating one
 existingSecret: ""
+ ca:
+ enabled: false
+ secretName: "changeme"
 
 image:
 # -- Repository image to use
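Review bot: The container-level `securityContext` rendered by the new `toYaml .Values.securityContext | nindent 14` lines has no hardened default, since values.yaml ships `securityContext: {}`, so every backup pod still runs with privilege escalation allowed and the full default capability set while holding the etcd CA material mounted below. Consider shipping `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` as the default and letting users relax it; both should still work when the S3 CA path runs as uid 0 writing root-owned trust-store files, but verify against the image. `readOnlyRootFilesystem: true` is probably not a safe default here because that same path relies on `update-ca-trust` rewriting the image's trust store. The container definition this hunk edits starts and ends outside the hunk.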
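Review bot: The `s3-ca` mount path `/etc/pki/ca-trust/source/anchors` assumes an image whose trust store is rebuilt by `update-ca-trust` from that directory, while `image.repository` in the previous hunk lets operators swap the image; on an image with a different trust-store layout the certificate would land in a directory nothing reads and S3 TLS verification would keep failing without any template-time signal, which tends to push operators toward disabling verification instead. Consider exposing the directory as a value (for example `persistence.s3.ca.mountPath`, defaulting to this path) and documenting that the image must run `update-ca-trust` against it, and mark the mount `readOnly: true` so the intent is explicit. The volumeMounts list this hunk edits begins outside the hunk.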
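Review bot: `secretName: {{ .Values.persistence.s3.ca.secretName }}` renders whatever string values.yaml holds, and the shipped default is `"changeme"`, so enabling `persistence.s3.ca.enabled` without overriding it produces a pod that fails at volume mount on a missing Secret rather than a template-time error. Use Helm's `required` so the install fails with a clear message: `secretName: {{ required "persistence.s3.ca.secretName must be set when persistence.s3.ca.enabled is true" .Values.persistence.s3.ca.secretName | quote }}`. The guard `and (.Values.persistence.s3.enabled) (.Values.persistence.s3.ca.enabled)` is repeated verbatim from the volumeMounts hunk; a single named template or a `$s3CA` variable set once at the top of the template would keep the mount and the volume from drifting apart. The volumes list this hunk edits begins and ends outside the hunk.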
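Review bot: The new `ca:` block under `persistence.s3` has no `# --` helm-docs comments, unlike the neighbouring `existingSecret` key, and ships `secretName: "changeme"`, a placeholder that can never be valid. Change the default to `secretName: ""` and state the contract above `enabled`: `# -- Mount an existing Secret holding the PEM CA certificate(s) for the S3 endpoint; every key in the Secret becomes a file in the container's trust-anchor directory`, and above `secretName`: `# -- Name of that Secret (required when enabled)`. Whether the chart is also expected to create this Secret the way it handles `existingSecret` is not visible here; if it does not, say so in the comment so operators create it before enabling the flag.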
@@ -131,3 +134,16 @@ extraVolumes: []
 ## Additional volumes to the pod.
 # - name: additional-volume
 # emptyDir: {}
+
+securityContext: {}
+podSecurityContext:
+ runAsUser: 1000
+ fsGroup: 1000
+ # Settings required when s3 persistence is used
+ # Required because of `update-ca-trust` command
+ # # -- Run pod as privileged
+ # privileged: true
+ # # -- Set user ID
+ # runAsUser: 0
+ # # -- Set group ID
+ # runAsGroup: 0
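Review bot: The commented example under `podSecurityContext` offers `privileged: true`, but `privileged` is a container-level `securityContext` field and not part of `PodSecurityContext`; since the cronjob template renders `podSecurityContext` at the pod level, an operator who uncomments it gets either a server-side unknown-field rejection or a silently ignored setting, depending on API server validation. Drop that entry from the example, as `update-ca-trust` needs only root inside the container, which the `runAsUser: 0` / `runAsGroup: 0` lines already provide; if a privileged container were ever genuinely needed it would belong under the new top-level `securityContext`, where it would strip nearly all isolation from a job that mounts etcd credentials, so the example should not steer people there. Also add `# --` helm-docs comments for the two new top-level keys (for example `# -- Pod-level security context, rendered under template.spec.securityContext` and `# -- Container-level security context`) and replace the `# # --` double-hash lines with a single `#` so the example reads like the `extraVolumes` example just above it.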