diff --git a/pipeline/backend/kubernetes/pod.go b/pipeline/backend/kubernetes/pod.go
index 1758a0d5d..4f6fec8bb 100644
--- a/pipeline/backend/kubernetes/pod.go
+++ b/pipeline/backend/kubernetes/pod.go
@@ -412,15 +412,15 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
 			nonRoot = sc.RunAsNonRoot
 		}
 
-		// if unset, set fsGroup to 1000 by default to support non-root images
-		if sc.FSGroup == nil {
-			fsGroup = newInt64(defaultFSGroup)
-		}
-
 		seccomp = seccompProfile(sc.SeccompProfile)
 		apparmor = apparmorProfile(sc.ApparmorProfile)
 	}
 
+	// if unset, set fsGroup to 1000 by default to support non-root images
+	if sc.FSGroup == nil {
+		fsGroup = newInt64(defaultFSGroup)
+	}
+
 	if nonRoot == nil && user == nil && group == nil && fsGroup == nil && seccomp == nil {
 		return nil
 	}