diff --git a/charts/mattermost-enterprise-edition/templates/deployment-mattermost-app.yaml b/charts/mattermost-enterprise-edition/templates/deployment-mattermost-app.yaml
index 467ef8d0..a032ace4 100644
--- a/charts/mattermost-enterprise-edition/templates/deployment-mattermost-app.yaml
+++ b/charts/mattermost-enterprise-edition/templates/deployment-mattermost-app.yaml
@@ -72,6 +72,10 @@ spec:
 - name: init-mysql
 image: "{{ .Values.initContainerImage.repository }}:{{ .Values.initContainerImage.tag }}"
 imagePullPolicy: {{ .Values.initContainerImage.imagePullPolicy }}
+ {{- if .Values.mattermostApp.containerSecurityContext }}
+ securityContext:
+ {{- toYaml .Values.mattermostApp.containerSecurityContext | nindent 10 }}
+ {{- end }}
 command: [
 "sh",
 "-c",
@@ -161,6 +165,10 @@ spec:
 httpGet:
 path: /api/v4/system/ping
 port: {{ .Values.mattermostApp.service.internalPort }}
+ {{- if .Values.mattermostApp.containerSecurityContext }}
+ securityContext:
+ {{- toYaml .Values.mattermostApp.containerSecurityContext | nindent 10 }}
+ {{- end }}
 volumeMounts:
 {{- if .Values.global.existingLicenseSecret.name }}
 - mountPath: /mattermost/{{.Values.global.existingLicenseSecret.key }}
diff --git a/charts/mattermost-enterprise-edition/templates/deployment-mattermost-jobserver.yaml b/charts/mattermost-enterprise-edition/templates/deployment-mattermost-jobserver.yaml
index 8f86fc6a..3d2b9c77 100644
--- a/charts/mattermost-enterprise-edition/templates/deployment-mattermost-jobserver.yaml
+++ b/charts/mattermost-enterprise-edition/templates/deployment-mattermost-jobserver.yaml
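Review bot: The `securityContext` added to the init-mysql container reuses `mattermostApp.containerSecurityContext`, but this container runs a different image (`initContainerImage`), so a value hardened for the Mattermost image — `runAsNonRoot: true` in particular — is only safe here if that init image declares a numeric non-root USER or the value also pins `runAsUser`; otherwise the pod is rejected at container creation with a runAsNonRoot/root-image error. Consider a dedicated value for the init image, e.g. guarding with `{{- with .Values.initContainerImage.securityContext }}` and rendering it with `{{- toYaml . | nindent 10 }}`, so the two images can be hardened independently. The init container's definition starts before this hunk; only its image, pull policy and command head are visible.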
@@ -60,6 +60,10 @@ spec:
 "-c",
 "until curl --max-time 5 http://{{ include "mattermost-enterprise-edition.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.mattermostApp.service.internalPort }}/api/v4/system/ping ; do echo waiting for Mattermost App come up; sleep 5; done; echo init-mattermost-app finished"
 ]
+ {{- if .Values.mattermostApp.containerSecurityContext }}
+ securityContext:
+ {{- toYaml .Values.mattermostApp.containerSecurityContext | nindent 10 }}
+ {{- end }}
 containers:
 - name: {{ include "mattermost-enterprise-edition.name" . }}-jobserver
 image: "{{ .Values.mattermostApp.image.repository }}:{{ .Values.mattermostApp.image.tag }}"
@@ -79,6 +83,10 @@ spec:
 {{- with .Values.global.features.jobserver.extraEnv }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- if .Values.mattermostApp.containerSecurityContext }}
+ securityContext:
+ {{- toYaml .Values.mattermostApp.containerSecurityContext | nindent 10 }}
+ {{- end }}
 volumeMounts:
 {{- if .Values.global.existingLicenseSecret.name }}
 - mountPath: /mattermost/{{.Values.global.existingLicenseSecret.key }}
diff --git a/charts/mattermost-enterprise-edition/values.yaml b/charts/mattermost-enterprise-edition/values.yaml
index 1ef43860..c74d9b1e 100644
--- a/charts/mattermost-enterprise-edition/values.yaml
+++ b/charts/mattermost-enterprise-edition/values.yaml
@@ -195,6 +195,14 @@ mattermostApp:
 # runAsGroup: 2000
 # runAsUser: 2000
 
+## Container Security Context
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ containerSecurityContext:
+ # runAsNonRoot: true
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop: ['ALL']
+
 resources: {}
 # limits:
 # cpu: 100m
diff --git a/charts/mattermost-team-edition/templates/deployment.yaml b/charts/mattermost-team-edition/templates/deployment.yaml
index 488127a9..bead0cbc 100644
--- a/charts/mattermost-team-edition/templates/deployment.yaml
+++ b/charts/mattermost-team-edition/templates/deployment.yaml
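Review bot: The block inserted after the `]` that closes the wait-for-app command belongs to the jobserver's curl init container, which (judging by the visible `curl` command and the app deployment's init container) is built from `initContainerImage`, yet it takes `mattermostApp.containerSecurityContext` — a context tuned for the Mattermost image. A `runAsUser`, `readOnlyRootFilesystem` or `runAsNonRoot: true` that fits the app image may not fit a minimal curl image, and with `runAsNonRoot` and no numeric UID the container is refused at creation. Giving the init image its own value, e.g. `{{- with .Values.initContainerImage.securityContext }}` rendered via `{{- toYaml . | nindent 10 }}`, avoids coupling the two. The init container's `name:`/`image:` lines are above this hunk and not visible.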
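Review bot: `containerSecurityContext:` with every child commented out is a bare key, which YAML loads as null, so the `{{- if .Values.mattermostApp.containerSecurityContext }}` guards in the templates never render a container securityContext on a default install; the sibling `resources: {}` two lines below shows the chart's explicit form, so write `containerSecurityContext: {}` to make the opt-in visible and avoid null-versus-map surprises when users layer values files. The commented `runAsUser: 2000` / `runAsGroup: 2000` in the pod-level block just above hints that the image is meant to run unprivileged; if that is confirmed, shipping `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities.drop: ['ALL']` uncommented would harden fresh installs instead of leaving it to each operator, with `runAsUser` set alongside if the image USER is not numeric. A one-line note that container-level fields override the pod-level `securityContext` for the same key (e.g. `runAsUser`) would also help, since both blocks now sit next to each other.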
@@ -54,6 +54,10 @@ spec:
 image: "{{ .Values.initContainerImage.repository }}:{{ .Values.initContainerImage.tag }}"
 imagePullPolicy: {{ .Values.initContainerImage.imagePullPolicy }}
 command: ["sh", "-c", "until curl --max-time 10 http://{{ .Release.Name }}-mysql:3306; do echo waiting for {{ .Release.Name }}-mysql; sleep 5; done;"]
+ {{- if .Values.containerSecurityContext }}
+ securityContext:
+ {{- toYaml .Values.containerSecurityContext | nindent 10 }}
+ {{- end }}
 {{- end }}
 {{- if .Values.extraInitContainers }}
 {{- .Values.extraInitContainers | toYaml | nindent 6 }}
@@ -95,6 +99,10 @@ spec:
 httpGet:
 path: /api/v4/system/ping
 port: http
+ {{- if .Values.containerSecurityContext }}
+ securityContext:
+ {{- toYaml .Values.containerSecurityContext | nindent 10 }}
+ {{- end }}
 volumeMounts:
 - mountPath: /mattermost/config
 name: mattermost-config
diff --git a/charts/mattermost-team-edition/values.yaml b/charts/mattermost-team-edition/values.yaml
index f4bedef3..d458e7cb 100644
--- a/charts/mattermost-team-edition/values.yaml
+++ b/charts/mattermost-team-edition/values.yaml
@@ -217,6 +217,14 @@ securityContext:
 # runAsGroup: 2000
 # runAsUser: 2000
 
+## Container Security Context
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+containerSecurityContext:
+ # runAsNonRoot: true
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop: ['ALL']
+
 serviceAccount:
 create: false
 name:
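Review bot: The `{{- if .Values.containerSecurityContext }}` block added under the init-mysql container's `command:` applies the Mattermost container's settings to the `initContainerImage` image, so whatever an operator sets for the app image (`runAsNonRoot`, a specific `runAsUser`, `readOnlyRootFilesystem`) must also hold for that curl image or the pod fails at container creation. A separate value, e.g. `initContainerImage.securityContext` rendered under `{{- with }}` with `{{- toYaml . | nindent 10 }}`, keeps the two independent. The container's `name:` line and the conditional closed by the following `{{- end }}` both open before this hunk.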
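Review bot: The new top-level `containerSecurityContext:` is a bare key and therefore null until someone uncomments a child, so `{{- if .Values.containerSecurityContext }}` in deployment.yaml renders nothing by default; prefer `containerSecurityContext: {}` so the default is an explicit empty map, and add a precedence note such as `# Container-level fields override the same keys in the pod-level securityContext above (e.g. runAsUser).` since the two blocks are adjacent and a mismatch is easy to miss. The commented `runAsUser: 2000` in the pod-level block above suggests the image is intended to run unprivileged; if that is confirmed, enabling `runAsNonRoot: true` and `allowPrivilegeEscalation: false` by default would harden fresh installs, with `runAsUser` set alongside when the image USER is not numeric.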