diff --git a/apps/climatems/climatems.yaml b/apps/climatems/climatems.yaml
index 98c3e28f..0a984d98 100644
--- a/apps/climatems/climatems.yaml
+++ b/apps/climatems/climatems.yaml
@@ -63,8 +63,6 @@ metadata:
 app.kubernetes.io/name: climatems
 app.kubernetes.io/component: webserver
 app.kubernetes.io/part-of: climatems
- annotations:
- kube-linter.io/ignore-all: "true"
 spec:
 replicas: 1
 selector:
@@ -81,6 +79,8 @@ spec:
 spec:
 automountServiceAccountToken: false
 serviceAccountName: climatems-climatems
+ securityContext:
+ fsGroup: 1000
 containers:
 - name: climatems
 image: ghcr.io/codeformuenster/climatems:v0.1.0
@@ -89,4 +89,15 @@ spec:
 resources:
 requests:
 memory: "100Mi"
- cpu: "200m"
\ No newline at end of file
+ cpu: "200m"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/apps/climatems/kustomization.yaml b/apps/climatems/kustomization.yaml
index 8235daa4..2816e416 100644
--- a/apps/climatems/kustomization.yaml
+++ b/apps/climatems/kustomization.yaml
@@ -4,5 +4,5 @@ kind: Kustomization
 namespace: c4m-climatems
 resources:
-- ../../base/namespace
+- ../../base/namespace-pss-restricted
 - climatems.yaml
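Review bot: The pod-level `securityContext` added under the template's `spec:` carries only `fsGroup: 1000`, while `runAsNonRoot`, `runAsUser` and `seccompProfile` are set on the single container in the last hunk of this file. Setting `runAsNonRoot: true` and `seccompProfile.type: RuntimeDefault` at pod level as well would make any init container or sidecar added later inherit them, so the restricted profile keeps holding without each container repeating the fields. `fsGroup` only affects ownership of mounted volumes that support it, and no `volumes:` entry is visible in these hunks, so it appears to have no effect yet; a comment such as `# fsGroup: group ownership for volumes mounted later` would record why it is there. The pod spec starts and continues outside this hunk.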
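Review bot: `readOnlyRootFilesystem: true` is added to the `climatems` container, but no `volumeMounts` or `emptyDir` volume appears in the visible hunks, so the process would have no writable path at all, `/tmp` included. If the web server writes temp files, caches or a PID file, it will fail at runtime rather than at admission; confirm against the `v0.1.0` image and, if needed, mount an `emptyDir` at the specific path instead of relaxing the flag. `runAsUser: 1000` likewise assumes the image's files are readable by that UID. Separately, `resources` still declares only `requests`; now that the first hunk removes the `kube-linter.io/ignore-all` annotation, the missing limits may be reported, and a memory limit is worth adding in any case to bound the container.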
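Review bot: The switch to `../../base/namespace-pss-restricted` relies on a base that is not part of this diff, so which Pod Security Admission labels it sets cannot be checked here. If it sets `pod-security.kubernetes.io/enforce: restricted`, a non-compliant pod is rejected when the ReplicaSet tries to create it, while the Deployment itself still applies cleanly, so the failure shows up only in ReplicaSet events. Setting the `warn` and `audit` labels alongside `enforce`, and pinning `pod-security.kubernetes.io/enforce-version`, would surface violations at apply time and keep the policy from shifting on a cluster upgrade. Any other pod-creating resource in `climatems.yaml` outside the visible hunks would need the same `securityContext` fields.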