diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml
index 8eec5b295..64af98de8 100644
--- a/ceph-rgw/templates/pod-helm-tests.yaml
+++ b/ceph-rgw/templates/pod-helm-tests.yaml
@@ -78,6 +78,7 @@ spec:
     - name: ceph-rgw-s3-validation
 {{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }}
 {{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+{{ dict "envAll" $envAll "application" "rgw_test" "container" "ceph_rgw_s3_validation" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
       env:
 {{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }}
 {{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }}
diff --git a/ceph-rgw/values.yaml b/ceph-rgw/values.yaml
index 4d2c37f1c..aa3cb1cc2 100644
--- a/ceph-rgw/values.yaml
+++ b/ceph-rgw/values.yaml
@@ -99,6 +99,9 @@ pod:
         ceph_rgw_ks_validation:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
+        ceph_rgw_s3_validation:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
     bootstrap:
       pod:
         runAsUser: 65534