diff --git a/charts/memgraph-high-availability/templates/coordinators.yaml b/charts/memgraph-high-availability/templates/coordinators.yaml index c6fef61..ef802d7 100644 --- a/charts/memgraph-high-availability/templates/coordinators.yaml +++ b/charts/memgraph-high-availability/templates/coordinators.yaml @@ -82,23 +82,21 @@ spec: - name: memgraph-coordinator-{{ $coordinator.id }}-log-storage mountPath: /var/log/memgraph command: [ "/bin/sh","-c" ] - args: [ "chown -R memgraph:memgraph /var/log; chown -R memgraph:memgraph /var/lib" ] + args: [ "chown -R memgraph:memgraph /var/log/memgraph; chown -R memgraph:memgraph /var/lib/memgraph" ] securityContext: - privileged: true - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true + runAsUser: 0 # Run as root capabilities: - drop: [ "all" ] + drop: [ "ALL" ] add: [ "CHOWN" ] - runAsUser: 0 - runAsNonRoot: false - {{- if $.Values.sysctlInitContainer.enabled }} + {{- if $.Values.sysctlInitContainer.enabled }} - name: init-sysctl image: busybox command: ['sh', '-c', 'sysctl -w vm.max_map_count={{ $.Values.sysctlInitContainer.maxMapCount }}'] securityContext: privileged: true runAsUser: 0 - {{- end }} + {{- end }} containers: - name: memgraph-coordinator @@ -134,15 +132,19 @@ spec: mountPath: /var/lib/memgraph - name: memgraph-coordinator-{{ $coordinator.id }}-log-storage mountPath: /var/log/memgraph + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: [ "ALL" ] + # Run by 'memgraph' user as specified in the Dockerfile + volumeClaimTemplates: - metadata: name: memgraph-coordinator-{{ $coordinator.id }}-lib-storage spec: accessModes: - {{ $.Values.storage.libStorageAccessMode}} - {{- if $.Values.storage.libStorageClassName }} storageClassName: {{ $.Values.storage.libStorageClassName }} - {{- end }} resources: requests: storage: {{ $.Values.storage.libPVCSize }} 
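Review bot: The init container's securityContext still lacks `allowPrivilegeEscalation: false`, which the commit adds to the main container in the next hunk but not here, where the process actually runs as `runAsUser: 0`; add `allowPrivilegeEscalation: false` alongside `readOnlyRootFilesystem: true`. Replacing `privileged: true` with `drop: [ "ALL" ]` / `add: [ "CHOWN" ]` is the right direction, but CAP_CHOWN alone does not let uid 0 enter directories it has no permission on, so once the volume has been chowned to memgraph and contains restrictive-mode subdirectories, a restart's `chown -R` can presumably fail and block the pod — verify against an existing PVC before relying on this, and widen the capability set only if that reproduces. A pod-level `fsGroup` would achieve the same ownership goal without a root init container at all, where the storage class supports it. The same points apply to the init-container hunk in data.yaml (`@@ -92,23 +92,21 @@`).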
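Review bot: The main container's new securityContext relies on the trailing comment (`# Run by 'memgraph' user as specified in the Dockerfile`) for non-root execution but does not set `runAsNonRoot: true`, so an image whose `USER` changes or is dropped would silently run as root; add `runAsNonRoot: true` beside `allowPrivilegeEscalation: false`. If the image sets `USER` by name rather than numeric UID, the kubelet cannot verify it and the pod will not start, so pair it with `runAsUser: <memgraph-uid>` (the numeric id from the image, a placeholder here). `readOnlyRootFilesystem: true` would complete the restricted profile, but whether memgraph writes outside the two mounted volumes is not visible in this hunk — confirm before adding it. Separately, removing the `{{- if $.Values.storage.libStorageClassName }}` guard means an unset or empty value now renders as a bare `storageClassName:` (YAML null, i.e. the cluster default class); that is presumably equivalent for the unset case, but the chart can no longer express the empty-string value that selects static binding, and the same applies to the log PVC hunk below (`@@ -152,9 +154,7 @@`) and to both volumeClaimTemplates hunks in data.yaml.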
@@ -152,9 +154,7 @@ spec: spec: accessModes: - {{ $.Values.storage.logStorageAccessMode}} - {{- if $.Values.storage.logStorageClassName }} storageClassName: {{ $.Values.storage.logStorageClassName }} - {{- end }} resources: requests: storage: {{ $.Values.storage.logPVCSize }} diff --git a/charts/memgraph-high-availability/templates/data.yaml b/charts/memgraph-high-availability/templates/data.yaml index fc42def..26f6e99 100644 --- a/charts/memgraph-high-availability/templates/data.yaml +++ b/charts/memgraph-high-availability/templates/data.yaml @@ -92,23 +92,21 @@ spec: - name: memgraph-data-{{ $data.id }}-log-storage mountPath: /var/log/memgraph command: [ "/bin/sh","-c" ] - args: [ "chown -R memgraph:memgraph /var/log; chown -R memgraph:memgraph /var/lib" ] + args: [ "chown -R memgraph:memgraph /var/log/memgraph; chown -R memgraph:memgraph /var/lib/memgraph" ] securityContext: - privileged: true - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true + runAsUser: 0 # Run as root capabilities: - drop: [ "all" ] + drop: [ "ALL" ] add: [ "CHOWN" ] - runAsUser: 0 - runAsNonRoot: false - {{- if $.Values.sysctlInitContainer.enabled }} + {{- if $.Values.sysctlInitContainer.enabled }} - name: init-sysctl image: busybox command: ['sh', '-c', 'sysctl -w vm.max_map_count={{ $.Values.sysctlInitContainer.maxMapCount }}'] securityContext: privileged: true runAsUser: 0 - {{- end }} + {{- end }} containers: - name: memgraph-data 
@@ -144,15 +142,19 @@ spec: mountPath: /var/lib/memgraph - name: memgraph-data-{{ $data.id }}-log-storage mountPath: /var/log/memgraph + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: [ "ALL" ] + # Run by 'memgraph' user as specified in the Dockerfile + volumeClaimTemplates: - metadata: name: memgraph-data-{{ $data.id }}-lib-storage spec: accessModes: - {{ $.Values.storage.libStorageAccessMode}} - {{- if $.Values.storage.libStorageClassName }} storageClassName: {{ $.Values.storage.libStorageClassName }} - {{- end }} resources: requests: storage: {{ $.Values.storage.libPVCSize }} @@ -161,9 +163,7 @@ spec: spec: accessModes: - {{ $.Values.storage.logStorageAccessMode}} - {{- if $.Values.storage.logStorageClassName }} storageClassName: {{ $.Values.storage.logStorageClassName }} - {{- end }} resources: requests: storage: {{ $.Values.storage.logPVCSize }}