diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet
index f002e3c7..72aec924 100644
--- a/jsonnet/kube-prometheus/components/grafana.libsonnet
+++ b/jsonnet/kube-prometheus/components/grafana.libsonnet
@@ -116,6 +116,9 @@ function(params)
 template+: {
 spec+: {
 automountServiceAccountToken: false,
+ securityContext+: {
+ runAsGroup: 65534,
+ },
 },
 },
 },
diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml
index d7a6a5fb..1b65b4c6 100644
--- a/manifests/grafana-deployment.yaml
+++ b/manifests/grafana-deployment.yaml
@@ -152,6 +152,7 @@ spec:
 kubernetes.io/os: linux
 securityContext:
 fsGroup: 65534
+ runAsGroup: 65534
 runAsNonRoot: true
 runAsUser: 65534
 serviceAccountName: grafana
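Review bot: The `runAsGroup: 65534` added under `spec+.securityContext+` in grafana.libsonnet is an uncommented literal, so a reader cannot tell why the group is pinned or that it is meant to match the `runAsUser`/`fsGroup` values visible in the rendered manifest. A short comment would record the intent, e.g. `// Pin the primary GID to 65534 (same as runAsUser/fsGroup) so the process does not run with the image's default group, which may be root (0).` Because this is set at pod level, a container-level `securityContext.runAsGroup` would still override it; the container specs are not visible in this hunk, so that is worth confirming. The enclosing `function(params)` body starts and ends outside the hunk.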