diff --git a/hack/build/dockerfiles/controller/Dockerfile b/hack/build/dockerfiles/controller/Dockerfile
index 8f9e704d1..d2fe7fd55 100644
--- a/hack/build/dockerfiles/controller/Dockerfile
+++ b/hack/build/dockerfiles/controller/Dockerfile
@@ -1,9 +1,12 @@
 FROM alpine:3.6
 
-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache ca-certificates && \
+  addgroup -S certmanager && adduser -S -G certmanager certmanager
 
 ADD cert-manager-controller_linux_amd64 /usr/bin/cert-manager
 
+USER certmanager
+
 ENTRYPOINT ["/usr/bin/cert-manager"]
 ARG VCS_REF
 LABEL org.label-schema.vcs-ref=$VCS_REF \
diff --git a/hack/build/dockerfiles/ingress-shim/Dockerfile b/hack/build/dockerfiles/ingress-shim/Dockerfile
index 280cd9cb8..ac673f2e5 100644
--- a/hack/build/dockerfiles/ingress-shim/Dockerfile
+++ b/hack/build/dockerfiles/ingress-shim/Dockerfile
@@ -1,9 +1,12 @@
 FROM alpine:3.6
 
-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache ca-certificates && \
+  addgroup -S certmanager && adduser -S -G certmanager certmanager
 
 ADD cert-manager-ingress-shim_linux_amd64 /usr/bin/ingress-shim
 
+USER certmanager
+
 ENTRYPOINT ["/usr/bin/ingress-shim"]
 ARG VCS_REF
 LABEL org.label-schema.vcs-ref=$VCS_REF \