diff --git a/.chloggen/1346-run-ta-nonroot.yaml b/.chloggen/1346-run-ta-nonroot.yaml
new file mode 100755
index 0000000000..b8d43368bd
--- /dev/null
+++ b/.chloggen/1346-run-ta-nonroot.yaml
@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. operator, target allocator, github action)
+component: target allocator
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: "Run the target allocator as non root user"
+
+# One or more tracking issues related to the change
+issues: [1346]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
diff --git a/cmd/otel-allocator/Dockerfile b/cmd/otel-allocator/Dockerfile
index 3e856c08a0..5ba6d819f4 100644
--- a/cmd/otel-allocator/Dockerfile
+++ b/cmd/otel-allocator/Dockerfile
@@ -1,8 +1,10 @@
-# Build the target allocator binary
-FROM golang:1.19 as builder
+# Build the otel-allocator binary
+FROM golang:1.19-alpine as builder
 
 WORKDIR /app
 
+RUN apk --no-cache add ca-certificates
+
 # Copy go mod and sum files
 COPY go.mod go.sum ./
 
@@ -14,12 +16,13 @@ COPY . .
 RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main .
 
 ######## Start a new stage from scratch #######
-FROM alpine:latest  
-
-RUN apk --no-cache add ca-certificates
+FROM scratch
 
 WORKDIR /root/
 
+# Copy the certs from the builder
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
 # Copy the pre-built binary file from the previous stage
 COPY --from=builder /app/main .