diff --git a/infra/overlays/upc-dev/forte-drop-postgresql/resources/postgresql.yaml b/infra/overlays/upc-dev/forte-drop-postgresql/resources/postgresql.yaml
index dac60e0..659ba9b 100644
--- a/infra/overlays/upc-dev/forte-drop-postgresql/resources/postgresql.yaml
+++ b/infra/overlays/upc-dev/forte-drop-postgresql/resources/postgresql.yaml
@@ -43,13 +43,10 @@ spec:
 containers:
 - name: postgresql
 image: postgres:16-alpine
- securityContext:
- runAsNonRoot: true
- runAsUser: 999
- runAsGroup: 999
- allowPrivilegeEscalation: false
- capabilities:
- drop: [ALL]
+ # NOTE: no securityContext. The official postgres image's entrypoint must
+ # start as root to chown a fresh /var/lib/postgresql/data, then drops to
+ # the postgres user (uid 70 in alpine) via gosu. Forcing runAsNonRoot here
+ # breaks initdb on a fresh PVC. Matches the vaultwarden-postgresql pattern.
 ports:
 - name: tcp-postgresql
 containerPort: 5432
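Review bot: Removing the whole `securityContext` from the `postgresql` container also discards `allowPrivilegeEscalation: false` and `capabilities: drop: [ALL]`. Of the removed settings, only `runAsNonRoot`/`runAsUser`/`runAsGroup` conflict with an entrypoint that starts as root and then drops to the postgres user. The removed block pinned uid/gid 999, while the new comment says the alpine image's postgres user is uid 70, so the initdb failure may stem from that mismatch rather than from non-root as such. Running as 70:70 with a pod-level `fsGroup: 70` is worth testing on a fresh PVC before giving up `runAsNonRoot`. If a root start does prove necessary, I would keep a reduced context as sketched below, with the `add` list confirmed by testing; the pod-level securityContext and volume mounts are outside this hunk, so I cannot tell whether `fsGroup` is already set.

```yaml
# … unchanged: name and image of the postgresql container …
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop: [ALL]
    # Assumed minimum for the chown-then-drop-user step; verify on a fresh PVC.
    add: [CHOWN, FOWNER, DAC_OVERRIDE, SETUID, SETGID]
# … unchanged: ports …
```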