UNCLASSIFIED - NO CUI


Change Permissions on file(s) so EFS Controller doesn't have to run as root

Feature description

Update the image build to enable running containers/pods as non-root and non-privileged.

Use cases

Currently the main obstacle to running the efs driver as non-root is that the file at /etc/amazon/efs/efs-utils.crt is owned by root.

If possible, can we root out all of these files and change their permissions so we can run the pod as user 1000? For security's sake I'd like to run the controller as non-root and non-privileged, like the ebs-csi-driver controller does.
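The check and the build-time fix the request implies, as an added example that is not code from this issue, from Iron Bank, or from the efs-csi-driver project. It assumes GNU coreutils `stat` (for `-c`) and a POSIX shell; `/etc/amazon/efs` and uid 1000 are the values named above, and every function name is a placeholder chosen for this example. The pod side of the change is the standard Kubernetes `securityContext` (`runAsNonRoot: true`, `runAsUser: 1000`, `allowPrivilegeEscalation: false`), which is only useful once the audit below reports nothing.

```shell
#!/bin/sh
# Added example; not code from the issue, Iron Bank, or the efs-csi-driver.
# Assumes GNU coreutils stat(1) (for -c) and a POSIX shell.
# /etc/amazon/efs and uid 1000 are the values named in the issue; every
# function name below is a placeholder chosen for this example.

# readable_by_uid FILE UID
# Succeeds (0) if a non-root process running as UID, and not in the file's
# group, could read FILE: either it owns the file and the owner read bit is
# set, or the "other" read bit is set. Group access is ignored on purpose,
# since a pod's supplementary groups are not known at build time.
# Fails with 1 otherwise, or 2 if FILE cannot be stat'ed.
readable_by_uid() {
    rb_file=$1
    rb_uid=$2
    rb_out=$(stat -c '%u %a' "$rb_file" 2>/dev/null) || return 2
    rb_owner=${rb_out%% *}
    rb_mode=${rb_out##* }
    # stat prints the mode in octal; the leading 0 keeps the arithmetic octal.
    rb_owner_read=$(( 0$rb_mode & 0400 ))
    rb_other_read=$(( 0$rb_mode & 04 ))
    if [ "$rb_owner" -eq "$rb_uid" ] && [ "$rb_owner_read" -ne 0 ]; then
        return 0
    fi
    [ "$rb_other_read" -ne 0 ]
}

# audit_dir DIR UID
# Lists every regular file directly under DIR that UID could not read; run it
# against the built image before switching the pod to runAsUser: UID.
# Returns 1 if anything was reported, 0 if the directory is clean.
audit_dir() {
    ad_dir=$1
    ad_uid=$2
    ad_bad=0
    for ad_f in "$ad_dir"/* "$ad_dir"/.[!.]*; do
        [ -f "$ad_f" ] || continue
        if ! readable_by_uid "$ad_f" "$ad_uid"; then
            echo "not readable by uid $ad_uid: $ad_f"
            ad_bad=1
        fi
    done
    return "$ad_bad"
}

# fix_owner DIR UID
# The image-build step the issue asks for: hand the files in DIR to UID so the
# pod no longer needs root to read them. Meant for build time (for instance a
# Dockerfile RUN line, which executes as root by default). Only files that are
# currently unreadable by UID are touched, so nothing is loosened needlessly.
fix_owner() {
    fo_dir=$1
    fo_uid=$2
    fo_bad=0
    for fo_f in "$fo_dir"/* "$fo_dir"/.[!.]*; do
        [ -f "$fo_f" ] || continue
        readable_by_uid "$fo_f" "$fo_uid" && continue
        chown "$fo_uid" "$fo_f" && chmod u+r "$fo_f" || fo_bad=1
    done
    return "$fo_bad"
}

# Typical build-time use (as root, inside the image):
#   fix_owner /etc/amazon/efs 1000 && audit_dir /etc/amazon/efs 1000
```

Running `audit_dir /etc/amazon/efs 1000` inside the finished image is the regression check for this request: it should print nothing and exit 0, and any file it lists is one the non-root controller will fail to open at runtime.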

Benefits

This primarily improves the security posture of clusters in which this controller runs.

Requirements

None

Links / references

Tasks

  • Feature has been implemented
