diff --git a/controllers/slicegateway/slicegateway.go b/controllers/slicegateway/slicegateway.go
index cbe9a95f1..e04c34521 100644
--- a/controllers/slicegateway/slicegateway.go
+++ b/controllers/slicegateway/slicegateway.go
@@ -225,6 +225,10 @@ func (r *SliceGwReconciler) deploymentForGatewayServer(g *kubeslicev1beta1.Slice
 								Value: "config",
 							},
 						},
+						Ports: []corev1.ContainerPort{{
+							Name:          "grpc",
+							ContainerPort: 5000,
+						}},
 						SecurityContext: &corev1.SecurityContext{
 							Privileged:               &privileged,
 							AllowPrivilegeEscalation: &privileged,
@@ -232,6 +236,9 @@ func (r *SliceGwReconciler) deploymentForGatewayServer(g *kubeslicev1beta1.Slice
 								Add: []corev1.Capability{
 									"NET_ADMIN",
 								},
+								Drop: []corev1.Capability{
+									"ALL",
+								},
 							},
 						},
 						VolumeMounts: []corev1.VolumeMount{
@@ -520,6 +527,10 @@ func (r *SliceGwReconciler) deploymentForGatewayClient(g *kubeslicev1beta1.Slice
 								Value: strconv.Itoa(remotePortNumber),
 							},
 						},
+						Ports: []corev1.ContainerPort{{
+							Name:          "grpc",
+							ContainerPort: 5000,
+						}},
 						SecurityContext: &corev1.SecurityContext{
 							Privileged:               &privileged,
 							AllowPrivilegeEscalation: &privileged,
@@ -527,6 +538,9 @@ func (r *SliceGwReconciler) deploymentForGatewayClient(g *kubeslicev1beta1.Slice
 								Add: []corev1.Capability{
 									"NET_ADMIN",
 								},
+								Drop: []corev1.Capability{
+									"ALL",
+								},
 							},
 						},
 						VolumeMounts: []corev1.VolumeMount{{