diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index cdd03321b19..bffb491b418 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -1858,6 +1858,18 @@ function prepare-etcd-manifest {
 fi
 # Replace the volume host path.
 sed -i -e "s@/mnt/master-pd/var/etcd@/mnt/disks/master-pd/var/etcd@g" "${temp_file}"
+ # Replace the run as user and run as group
+ pod_run_as_user=""
+ pod_run_as_group=""
+ container_security_context=""
+ if [[ -n "${ETCD_RUNASUSER:-}" && -n "${ETCD_RUNASGROUP:-}" ]]; then
+ pod_run_as_user="\"runAsUser\": ${ETCD_RUNASUSER},"
+ pod_run_as_group="\"runAsGroup\": ${ETCD_RUNASGROUP},"
+ container_security_context="\"securityContext\": {\"allowPrivilegeEscalation\": false, \"capabilities\": {\"drop\": [\"all\"]}},"
+ fi
+ sed -i -e "s@{{ run_as_user }}@${pod_run_as_user}@g" "${temp_file}"
+ sed -i -e "s@{{ run_as_group }}@${pod_run_as_group}@g" "${temp_file}"
+ sed -i -e "s@{{security_context}}@${container_security_context}@g" "${temp_file}"
 mv "${temp_file}" /etc/kubernetes/manifests
 }
@@ -1878,10 +1890,13 @@ function start-etcd-servers {
 if [[ -e /etc/init.d/etcd ]]; then
 rm -f /etc/init.d/etcd
 fi
- prepare-log-file /var/log/etcd.log
+ if [[ -n "${ETCD_RUNASUSER:-}" && -n "${ETCD_RUNASGROUP:-}" ]]; then
+ chown -R "${ETCD_RUNASUSER}":"${ETCD_RUNASGROUP}" /var/etcd/
+ fi
+ prepare-log-file /var/log/etcd.log "${ETCD_RUNASUSER:-0}"
 prepare-etcd-manifest "" "2379" "2380" "200m" "etcd.manifest"
- prepare-log-file /var/log/etcd-events.log
+ prepare-log-file /var/log/etcd-events.log "${ETCD_RUNASUSER:-0}"
 prepare-etcd-manifest "-events" "4002" "2381" "100m" "etcd-events.manifest"
 }
diff --git a/cluster/gce/manifests/etcd.manifest b/cluster/gce/manifests/etcd.manifest
index f927c204e33..30327fab9ac 100644
--- a/cluster/gce/manifests/etcd.manifest
+++ b/cluster/gce/manifests/etcd.manifest
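Review bot: In the added block of prepare-etcd-manifest, `ETCD_RUNASUSER` and `ETCD_RUNASGROUP` are spliced verbatim into both the JSON fragments and the sed replacement strings with no check that they are integers, so a non-numeric value produces a static pod manifest that will not parse, and a value containing `@`, `&` or `\` corrupts the sed expression instead of failing cleanly. Since runAsUser/runAsGroup must be integers anyway, a guard ahead of the assignments, `[[ "${ETCD_RUNASUSER}" =~ ^[0-9]+$ && "${ETCD_RUNASGROUP}" =~ ^[0-9]+$ ]] || { echo "ETCD_RUNASUSER and ETCD_RUNASGROUP must be numeric" >&2; return 1; }`, fails fast with a readable error. Separately, the container-level `allowPrivilegeEscalation: false` / drop-all-capabilities setting is emitted only when both variables are set, so clusters that keep the root default get none of that hardening; if the etcd container needs no capabilities in that mode either, that fragment could be emitted unconditionally and only the runAs* fields gated, and a short comment saying why the two are coupled would help if the gating is deliberate. The condition also silently falls back to root when exactly one of the two variables is set, which a warning to stderr would surface. The function's header is outside the hunk.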
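Review bot: In start-etcd-servers the new `chown -R` sets both user and group on `/var/etcd/`, but the two `prepare-log-file` calls receive only `"${ETCD_RUNASUSER:-0}"` and no group, so the log files and the data directory can end up under different group ownership; unless prepare-log-file derives the group itself (its definition is outside the hunk), passing `"${ETCD_RUNASGROUP:-0}"` as a third argument would keep the two consistent. The chown also runs before any manifest is written, so on a fresh master where `/var/etcd/` does not exist yet the command fails, and whether that aborts the script depends on an errexit setting not visible here; guarding it with `[[ -d /var/etcd ]] &&` or creating the directory first would make the intended behaviour explicit. The function's opening line is outside the hunk.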
@@ -7,6 +7,8 @@
 },
 "spec":{
 "securityContext": {
+ {{ run_as_user }}
+ {{ run_as_group }}
 "seccompProfile": {
 "type": "RuntimeDefault"
 }
@@ -17,6 +19,7 @@
 "containers":[
 {
 "name": "etcd-container",
+ {{security_context}}
 "image": "{{ pillar.get('etcd_docker_repository', 'k8s.gcr.io/etcd') }}:{{ pillar.get('etcd_docker_tag', '3.4.13-0') }}",
 "resources": {
 "requests": {
@@ -35,6 +38,10 @@
 { "name": "TARGET_VERSION",
 "value": "{{ pillar.get('etcd_version', '3.4.13') }}"
 },
+ {
+ "name": "DO_NOT_MOVE_BINARIES",
+ "value": "true"
+ },
 { "name": "DATA_DIRECTORY",
 "value": "/var/etcd/data{{ suffix }}"
 },
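Review bot: The new `{{security_context}}` placeholder in the container block is written without the inner spaces that `{{ run_as_user }}` and `{{ run_as_group }}` use in the pod securityContext, and because configure-helper.sh replaces these tokens with literal sed patterns the two files must agree byte for byte; writing `{{ security_context }}` in both places would make the convention uniform and harder to mistype. All three placeholders keep the JSON valid only because the substituted fragment either is empty or carries its own trailing comma, a coupling that cannot be commented inside the manifest itself and so is worth recording next to the sed calls in the shell helper that renders it.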