fix: create nonroot user in Dockerfile

charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml

@@ -156,6 +156,8 @@ spec:
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            runAsUser: 0
           volumeMounts:
             - mountPath: /csi
               name: socket-dir

charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml

@@ -106,6 +106,7 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           securityContext:
             privileged: true
+            runAsUser: 0
           volumeMounts:
             - mountPath: /csi
               name: socket-dir

deploy/csi-azuredisk-controller.yaml

@@ -153,6 +153,8 @@ spec:
                   optional: true
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
+          securityContext:
+            runAsUser: 0
           volumeMounts:
             - mountPath: /csi
               name: socket-dir

deploy/csi-azuredisk-node.yaml

@@ -104,6 +104,7 @@ spec:
                   fieldPath: spec.nodeName
           securityContext:
             privileged: true
+            runAsUser: 0
           volumeMounts:
             - mountPath: /csi
               name: socket-dir

pkg/azurediskplugin/Dockerfile

@@ -19,4 +19,8 @@ RUN clean-install util-linux e2fsprogs mount ca-certificates udev xfsprogs
 LABEL maintainers="andyzhangx"
 LABEL description="Azure Disk CSI Driver"
 
+# Create a nonroot user
+RUN useradd -u 10001 nonroot
+USER nonroot
+
 ENTRYPOINT ["/azurediskplugin"]

pkg/azurediskplugin/dev.Dockerfile

@@ -17,5 +17,9 @@ RUN apt-get update && apt-get install -y util-linux e2fsprogs mount ca-certifica
 LABEL maintainers="andyzhangx"
 LABEL description="Azure Disk CSI Driver"
 
+# Create a nonroot user
+RUN useradd -u 10001 nonroot
+USER nonroot
+
 COPY ./_output/azurediskplugin /azurediskplugin
 ENTRYPOINT ["/azurediskplugin"]