
How to Run Vault CSI Provider as a Non-Root User

Open SanduDS opened this issue 6 months ago • 0 comments

I am trying to deploy the Vault CSI provider in my Kubernetes cluster and want to ensure that it runs as a non-root user. I have configured the securityContext in the HCP Vault Helm configuration values file, but I am encountering issues with permissions.

Here is the relevant excerpt from my values.yaml file.

csi:
   enabled: true
   agent:
      enabled: false
   image:
      repository: "hashicorp/vault-csi-provider"
      tag: "1.4.2"
      pullPolicy: IfNotPresent
   daemonSet:
      securityContext:
         pod:
            runAsNonRoot: true
            runAsUser: 405 # on guest user UID
            fsGroup: 100 # on guest user GID
         container:
            seccompProfile:
               type: RuntimeDefault
            runAsUser: 405 # container-level field, not a key of seccompProfile
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
               drop:
                  - NET_RAW
                  - ALL

Issues Encountered:

  1. When I set runAsNonRoot: true, the container fails to start with the error:

     Error running provider: err="failed to listen on unix socket at /provider/vault.sock: listen unix /provider/vault.sock: bind: permission denied"

Request:

Could you please provide guidance or an example configuration on how to properly run the Vault CSI provider as a non-root user? Any help would be greatly appreciated.

SanduDS · Jul 31 '24 09:07
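The bind error above is an ordinary directory-permission check: bind() on a Unix socket path creates a new directory entry, so the provider's UID needs write and search permission on the directory that holds /provider/vault.sock. The script below is an added example, not code from this issue or from the vault-csi-provider project. It models that check from a directory's ownership and mode bits, reproduces the UID 405 / fsGroup 100 case against a constructed temporary directory standing in for the provider socket directory on the node (assumed here to be a root-owned hostPath mount, which is why the pod-level fsGroup does not help: Kubernetes does not change the ownership of hostPath volumes), and shows that a group-writable directory whose group the provider carries passes the check. The helper names and the temporary-directory layout are this example's own.

```python
"""Predict whether a given UID / set of GIDs may create a Unix socket in a
directory, using the same discretionary (mode-bit) check the kernel applies
when bind() creates the socket's directory entry.  Added example; not part of
vault-csi-provider."""
import os
import stat
import tempfile


def can_create_entry(dir_path: str, uid: int, gids) -> bool:
    """True if a process with this uid / these gids may create a new entry
    (file, socket, ...) in dir_path.

    Creating an entry needs write + search (x) permission on the directory.
    The permission triple is picked the way the kernel's DAC check does:
    owner bits if the uid matches, else group bits if any gid matches, else
    the 'other' bits.  CAP_DAC_OVERRIDE is deliberately not modelled: the
    posted config drops ALL capabilities, so the pod would not have it.
    """
    st = os.stat(dir_path)
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in set(gids):
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return mode & need == need


def explain(dir_path: str, uid: int, gids) -> str:
    """One-line verdict suitable for a node-side check of the providers dir."""
    st = os.stat(dir_path)
    verdict = "can" if can_create_entry(dir_path, uid, gids) else "CANNOT"
    return (f"{dir_path}: owner uid={st.st_uid} gid={st.st_gid} "
            f"mode={stat.S_IMODE(st.st_mode):04o}; uid {uid} with gids "
            f"{sorted(set(gids))} {verdict} create vault.sock here")


def demo():
    """Reproduce the failure offline.  The temp dir is a constructed stand-in
    for the hostPath directory that is mounted at /provider in the pod; the
    current user plays the role of root, who owns that directory on a node.
    Returns the three verdicts as a tuple."""
    with tempfile.TemporaryDirectory() as tmp:
        providers = os.path.join(tmp, "secrets-store-csi-providers")
        os.mkdir(providers)
        os.chmod(providers, 0o755)                    # typical root-created dir: rwxr-xr-x
        owner_uid = os.getuid()                       # "root" for this demo
        dir_gid = os.stat(providers).st_gid
        guest_uid = 405 if owner_uid != 405 else 406  # runAsUser from the issue
        guest_gids = [100]                            # fsGroup from the issue

        # 1. As posted: UID 405 does not own the dir, so at best the group
        #    bits (r-x) or the 'other' bits (r-x) apply; neither has write.
        as_posted = can_create_entry(providers, guest_uid, guest_gids)

        # 2. Node-side fix: make the dir group-writable and give the provider
        #    that group.  fsGroup does not re-chown hostPath volumes, so this
        #    has to happen on the node (or via a privileged setup step), not
        #    through the pod securityContext alone.
        os.chmod(providers, 0o775)
        fixed_by_group = can_create_entry(providers, guest_uid, guest_gids + [dir_gid])

        # 3. Sanity check: the directory owner (root on a real node) always can,
        #    which is why the default root-running provider never hits this.
        as_owner = can_create_entry(providers, owner_uid, [dir_gid])
        return as_posted, fixed_by_group, as_owner


if __name__ == "__main__":
    print(demo())  # (False, True, True)
```

To use it for real, run explain() on a node against the directory that backs the /provider mount, with the runAsUser and the group list the provider container will actually have; the verdict tells you whether the socket bind will succeed before you redeploy, and the mode/owner it prints is what any node-side ownership fix has to change.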