diff --git a/roles/kubernetes-apps/cluster_roles/defaults/main.yml b/roles/kubernetes-apps/cluster_roles/defaults/main.yml
index d183c1b11a36c80e6da9e4a2292d8520ccf56241..f26583da39c3274207309c0be9854af0c46e46bb 100644
--- a/roles/kubernetes-apps/cluster_roles/defaults/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/defaults/main.yml
@@ -19,6 +19,11 @@ podsecuritypolicy_restricted_spec:
     rule: 'MustRunAsNonRoot'
   seLinux:
     rule: 'RunAsAny'
+  runAsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
   supplementalGroups:
     rule: 'MustRunAs'
     ranges:
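Review bot: With `rule: 'MustRunAs'` on the new `runAsGroup` block, a pod that sets no `runAsGroup` is not left on its image's group; under this strategy the PSP admission controller defaults it to the minimum of the first range, here GID 1. That changes behaviour for existing workloads admitted under the restricted policy and deserves a comment above the block, for example `# GID 0 is excluded; pods that set no runAsGroup are defaulted to GID 1 (min of the first range)`. If that defaulting is not wanted, `MayRunAs` checks the range only when a group is set, but a pod that sets none may then run with GID 0 from its image. The last hunk adds the same field to `podsecuritypolicy_privileged_spec`, and both presumably need an API server that recognises `runAsGroup` in a PSP, so confirm this against the oldest Kubernetes version the role supports. The `podsecuritypolicy_restricted_spec` mapping starts above the hunk.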
@@ -30,8 +35,6 @@ podsecuritypolicy_restricted_spec:
       - min: 1
         max: 65535
   readOnlyRootFilesystem: false
-  forbiddenSysctls:
-    - '*'
 
 podsecuritypolicy_privileged_spec:
   privileged: true
@@ -50,6 +53,8 @@ podsecuritypolicy_privileged_spec:
     rule: 'RunAsAny'
   seLinux:
     rule: 'RunAsAny'
+  runAsGroup:
+    rule: 'RunAsAny'
   supplementalGroups:
     rule: 'RunAsAny'
   fsGroup: