diff --git a/cluster/images/provider-terraform-controller/Dockerfile b/cluster/images/provider-terraform-controller/Dockerfile
index 74b7f06..a4f9682 100644
--- a/cluster/images/provider-terraform-controller/Dockerfile
+++ b/cluster/images/provider-terraform-controller/Dockerfile
@@ -5,9 +5,11 @@ ARG TINI_VERSION
 
 ADD provider /usr/local/bin/crossplane-terraform-provider
 
+# As of Crossplane v1.3.0 provider controllers run as UID 2000.
+# https://github.com/crossplane/crossplane/blob/v1.3.0/internal/controller/pkg/revision/deployment.go#L32
 RUN mkdir /tf
-RUN chown 1001 /tf
+RUN chown 2000 /tf
 
 EXPOSE 8080
-USER 1001
+USER 2000
 ENTRYPOINT ["crossplane-terraform-provider"]