diff --git a/config/kustomize/base/resources/deployment.yaml b/config/kustomize/base/resources/deployment.yaml
index 6a26076..397b376 100644
--- a/config/kustomize/base/resources/deployment.yaml
+++ b/config/kustomize/base/resources/deployment.yaml
@@ -14,10 +14,8 @@ spec:
 app: keycloak
 spec:
 securityContext:
- allowPrivilegeEscalation: false
+ runAsUser: 2000
 runAsNonRoot: true
- capabilities:
- drop: ["ALL"]
 seccompProfile:
 type: RuntimeDefault
 containers:
@@ -25,7 +23,9 @@ spec:
 image: staged-harbor-01.smardigo.digital/smardigo/keycloak:14.0.0.1
 imagePullPolicy: IfNotPresent
 securityContext:
- runAsUser: 2000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
 ports:
 - name: app-port
 containerPort: 8080
diff --git a/config/kustomize/base/resources/namespace.yaml b/config/kustomize/base/resources/namespace.yaml
index 66b1233..7495a80 100644
--- a/config/kustomize/base/resources/namespace.yaml
+++ b/config/kustomize/base/resources/namespace.yaml
@@ -3,9 +3,7 @@ kind: Namespace
 metadata:
 labels:
 kubernetes.io/metadata.name: sma-ums
- pod-security.kubernetes.io/enforce: baseline
- pod-security.kubernetes.io/audit: restricted
- pod-security.kubernetes.io/warn: restricted
+ pod-security.kubernetes.io/enforce: restricted
 name: sma-ums
 spec:
 finalizers:
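Review bot: The pod-level `securityContext` in the first deployment.yaml hunk now fixes the UID with `runAsUser: 2000` but sets no group, so the primary GID is left to the image or runtime default, which may be root (0). If the image supports it, add `runAsGroup: 2000` next to `runAsUser`, plus `fsGroup: 2000` if mounted volumes must be writable; the GID value is an assumption to confirm against the image. Because the field moved from the container to the pod, it now applies to every container and init container in the pod unless one overrides it. The pod spec starts and continues outside the hunk.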
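Review bot: The container `securityContext` added in the second deployment.yaml hunk still leaves the root filesystem writable; `readOnlyRootFilesystem: true` is not required by the restricted profile but would complete the hardening here. Keycloak presumably needs some writable paths, so it would have to come with `emptyDir` mounts for them; confirm against the image before enabling it. The container entry and the `containers` list extend outside the hunk. Any other container or init container in this pod needs the same `allowPrivilegeEscalation: false` and `capabilities.drop: ["ALL"]`, or the pod will be rejected once the namespace enforces restricted.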
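Review bot: In namespace.yaml the `audit` and `warn` labels are removed along with the move to `enforce: restricted`, which drops the only feedback at the workload level. Enforce is evaluated on Pod objects, so a non-compliant Deployment is still accepted and its pods then fail to be created, with no warning on apply and no audit annotation. Keep `pod-security.kubernetes.io/warn: restricted` and `pod-security.kubernetes.io/audit: restricted` alongside the new enforce label. Also consider pinning `pod-security.kubernetes.io/enforce-version: <cluster minor version>` so that a cluster upgrade cannot change what is enforced without a reviewed change. Other workloads in `sma-ums` are not visible here and should be checked against the restricted profile before this is applied.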