No root users

[svrnm]

Changes

This fixes all services which are currently still running as root. The solution might not be perfect, that's why I start this of with a draft PR. A few alternatives:

• Instead of creating a new user/new group an existing user like "nobody" could be used
• Giving full permissions to the WORKDIR might not be necessary for all services, but testing that out requires a little bit more effort, since I don't know all the details of all services.

let me know what you think

Merge Requirements

• CHANGELOG.md updated to document new feature additions
• Appropriate documentation updates in the docs folder

Note

Here's a script I was using to find the services that run as root:

for IMAGE in $(docker images ghcr.io/open-telemetry/demo --format '{{.Repository}}:{{.Tag}}'); do echo ${IMAGE}; docker run --entrypoint whoami ${IMAGE}; done;

[styblope]

Ref. #615 where the idea was that we don't enforce non-root unless where necessary. We rather just enable the rest of containers so that they can execute either as root or non-root. The actual security context can then be set in via helm parameters, or it can be left up to the orchestrator's security policy enforcement (e.g. OpenShift likes to apply own non-root UIDs from a preset range)

[svrnm]

Ref. #615 where the idea was that we don't enforce non-root unless where necessary. We rather just enable the rest of containers so that they can execute either as root or non-root. The actual security context can then be set in via helm parameters, or it can be left up to the orchestrator's security policy enforcement (e.g. OpenShift likes to apply own non-root UIDs from a preset range)

missed that one, thanks for clarification :)