diff --git a/manifests/loki/deployment.yaml b/manifests/loki/deployment.yaml
index 7c1ea2a..9cfcb74 100644
--- a/manifests/loki/deployment.yaml
+++ b/manifests/loki/deployment.yaml
@@ -12,6 +12,10 @@ spec:
       labels:
         app: loki
     spec:
+      securityContext:
+        runAsNonRoot: true
+        fsGroup: 2000
+        runAsUser: 1000
       containers:
         - name: loki
           image: grafana/loki:2.8.2
@@ -19,10 +23,15 @@ spec:
           ports:
             - containerPort: 3100
           volumeMounts:
+            - name: loki-pv
+              mountPath: /loki
             - name: loki-config-volume
               mountPath: /mnt/config/loki-config.yaml
               subPath: loki-config.yaml
       volumes:
+        - name: loki-pv
+          persistentVolumeClaim:
+            claimName: loki-pvc
         - name: loki-config-volume
           configMap:
             name: loki-config
diff --git a/manifests/loki/kustomization.yaml b/manifests/loki/kustomization.yaml
index 19ef0b2..4ff51b4 100644
--- a/manifests/loki/kustomization.yaml
+++ b/manifests/loki/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
+  - pvc.yaml
   - configmap.yaml
   - service.yaml
   - deployment.yaml
diff --git a/manifests/loki/pvc.yaml b/manifests/loki/pvc.yaml
new file mode 100644
index 0000000..84d4b13
--- /dev/null
+++ b/manifests/loki/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: loki-pvc
+  namespace: monitoring
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: flat-storage-class