diff --git a/cluster/apps/default/gitea/helm-release.yaml b/cluster/apps/default/gitea/helm-release.yaml
index 2e10cf0..15f1161 100644
--- a/cluster/apps/default/gitea/helm-release.yaml
+++ b/cluster/apps/default/gitea/helm-release.yaml
@@ -17,15 +17,15 @@ spec:
   values:
     image:
       repository: gitea/gitea
-      tag: 1.19.0
+      tag: latest-rootless
 
     podLabels:
       needsDatabase: "yes"
       needsAuthentik: "yes"
 
     env:
-      USER_UID: 1000
-      USER_GID: 1000
+      USER_UID: 10000
+      USER_GID: 10000
 
     envFrom:
       - secretRef:
@@ -81,4 +81,18 @@ spec:
         enabled: true
         type: hostPath
         hostPath: /mnt/MainPool/Kubernetes/gitea
-        mountPath: /data
\ No newline at end of file
+        mountPath: /data
+
+    podSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 10000
+      runAsGroup: 10000
+      fsGroup: 10000
+      fsGroupChangePolicy: OnRootMismatch
+
+    resources:
+      requests:
+        cpu: 1m
+        memory: 340Mi
+      limits:
+        memory: 1Gi
\ No newline at end of file