diff --git a/code-server/deployment-patch.yaml b/code-server/deployment-patch.yaml new file mode 100644
index 0000000..1f30a99
--- /dev/null
+++ b/code-server/deployment-patch.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: code-server
+spec:
+ template:
+ spec:
+ securityContext:
+ fsGroup: 0
+ runAsUser: 0
+ containers:
+ - name: code-server
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ env:
+ - name: KUBECONFIG
+ value: "/etc/rancher/k3s/k3s.yaml"
+ - name: PATH
+ value: "/usr/local/bin:/usr/bin:/bin:/sbin"
+ volumeMounts:
+ - name: host-k3s-config
+ mountPath: /etc/rancher/k3s
+ readOnly: true
+ - name: host-usr-local-bin
+ mountPath: /usr/local/bin
+ readOnly: true
+ volumes:
+ - name: host-k3s-config
+ hostPath:
+ path: /etc/rancher/k3s
+ type: Directory
+ - name: host-usr-local-bin
+ hostPath:
+ path: /usr/local/bin
+ type: Directory
+
diff --git a/code-server/helm-values/code-server.yaml b/code-server/helm-values/code-server.yaml
index 2540323..9e39241 100644
--- a/code-server/helm-values/code-server.yaml
+++ b/code-server/helm-values/code-server.yaml
@@ -31,12 +31,11 @@ resources:
 cpu: 300m # Reduced to 30% of original (1000m -> 300m)
 memory: 4Gi # 4GB (within available ~15GB)
-# Security context - privileged to access host resources
+# Security context
 securityContext:
 enabled: true
- fsGroup: 0
- runAsUser: 0
- privileged: true
+ fsGroup: 1000
+ runAsUser: 1000
 # Volume permissions
 volumePermissions:
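Review bot: The new deployment-patch.yaml restores exactly the elevated configuration that the helm-values hunk ending on this same line removes — `privileged: true`, `runAsUser: 0`/`fsGroup: 0`, and hostPath mounts of `/etc/rancher/k3s` (where the `KUBECONFIG` env var points at `k3s.yaml`, which on k3s is the cluster-admin kubeconfig) and `/usr/local/bin` — so the values file now reads as an unprivileged uid-1000 deployment while the rendered Deployment is still a root, privileged container holding cluster-admin credentials, and nothing in either file says so. A privileged container is effectively host-root, so `readOnly: true` on the two mounts is not a meaningful boundary, and the `PATH` override lists the host-mounted `/usr/local/bin` first, so host binaries are what run inside the container. If the container only needs API access, a ServiceAccount with scoped RBAC would replace the host kubeconfig mount and let `privileged: true` be dropped from this patch; if the elevated settings must stay, record the justification where a reader will see it, e.g. a header comment in this file `# NOTE: overrides helm-values/code-server.yaml securityContext — runs as root, privileged, with the host k3s admin kubeconfig mounted` and a matching line under the values-file `# Security context` comment, rather than leaving the two files in contradiction.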
@@ -51,29 +50,6 @@ extraArgs:
 extraVars:
 - name: TZ
 value: "Asia/Seoul"
- - name: KUBECONFIG
- value: "/etc/rancher/k3s/k3s.yaml"
- - name: PATH
- value: "/usr/local/bin:/usr/bin:/bin:/sbin"
-
-# Mount host paths for k3s config and binaries access
-extraVolumes:
- - name: host-k3s-config
- hostPath:
- path: /etc/rancher/k3s
- type: Directory
- - name: host-usr-local-bin
- hostPath:
- path: /usr/local/bin
- type: Directory
-
-extraVolumeMounts:
- - name: host-k3s-config
- mountPath: /etc/rancher/k3s
- readOnly: true
- - name: host-usr-local-bin
- mountPath: /usr/local/bin
- readOnly: true
 # Health checks
 livenessProbe:
diff --git a/code-server/kustomization.yaml b/code-server/kustomization.yaml
index f40f9eb..42f8068 100644
--- a/code-server/kustomization.yaml
+++ b/code-server/kustomization.yaml
@@ -5,3 +5,9 @@ resources:
 # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
 # - argocd/code-server.yaml
 - vault/code-server-password.yaml
+
+patches:
+ - path: deployment-patch.yaml
+ target:
+ kind: Deployment
+ name: code-server