diff --git a/clusters/cl01tl/services/talos/values.yaml b/clusters/cl01tl/services/talos/values.yaml
index 268e8c1c9..566453f39 100644
--- a/clusters/cl01tl/services/talos/values.yaml
+++ b/clusters/cl01tl/services/talos/values.yaml
@@ -3,20 +3,8 @@ etcd-backup:
 main:
 type: cronjob
 pod:
- # securityContext:
- # runAsUser: 1000
- # runAsGroup: 1000
- # fsGroup: 1000
- # runAsNonRoot: true
- # seccompProfile:
- # type: RuntimeDefault
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
 tolerations:
 - key: node-role.kubernetes.io/control-plane
 operator: Exists
@@ -40,11 +28,16 @@ etcd-backup:
 command:
 - /talos-backup
 workingDir: /tmp
- # securityContext:
- # allowPrivilegeEscalation: false
- # capabilities:
- # drop:
- # - ALL
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
 env:
 - name: AWS_ACCESS_KEY_ID
 valueFrom:
@@ -86,6 +79,14 @@ etcd-backup:
 main:
 - path: /tmp
 readOnly: false
+ talos:
+ type: emptyDir
+ medium: Memory
+ advancedMounts:
+ main:
+ main:
+ - path: /.talos
+ readOnly: false
 secret:
 enabled: true
 type: secret
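Review bot: In the `@@ -3,20 +3,8 @@` hunk, the new `nodeSelector` matches only nodes whose `node-role.kubernetes.io/control-plane` label has the empty value, whereas the removed affinity used `operator: Exists` and matched any value. If a node carries the label with a non-empty value, the CronJob pods would stay Pending and backups would stop without an obvious error, so a comment such as `# matches the empty label value only; the toleration below still uses Exists` would help. The same hunk also deletes the commented-out pod-level `securityContext`, including `fsGroup: 1000`; whether the mounted secret stays readable to UID 1000 without it depends on the volume's mode, which is not visible here. The `pod:` mapping continues outside the hunk.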
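Review bot: The container `securityContext` added in the `@@ -40,11 +28,16 @@` hunk leaves the root filesystem writable; `readOnlyRootFilesystem: true` is the one common hardening field it omits. The job already has writable mounts at `/tmp` and, from the last hunk, `/.talos`, so it presumably needs no other write path, though a test run should confirm that. Because `runAsUser`, `runAsNonRoot` and `seccompProfile` are set on this container only, any other container in the pod would not inherit them. The container mapping starts and ends outside the hunk.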
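Review bot: The memory-backed `talos` emptyDir in the `@@ -86,6 +79,14 @@` hunk has no size cap, so anything written under `/.talos` is charged to the pod's memory (or the node's, if no memory limit is set) on a control-plane node. Adding `sizeLimit: 16Mi` (constructed value, size it to the real config) next to `medium: Memory` would bound it, provided the chart passes the field through. A short comment on why the mount exists, e.g. `# writable client config dir for the non-root user`, would also help; that purpose is inferred from the path and is not stated in the diff.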