Enable RunAsNonRoot: true for Package Registry #8968

@pkoutsovasilis

Background

PR #8800 adds support for deploying package-registry in ECK, but currently does not enforce RunAsNonRoot in the security context because the package-registry images still run as root, with UID 0.

The PR elastic/package-registry#1503 is to transition the container to run as user UID 1000, similar to other Elastic stack components.

Goal

Once the changes from elastic/package-registry#1503 are merged and released in docker.elastic.co/package-registry/distribution images, we should update ECK to enforce RunAsNonRoot: true for EPR instances.

Additional Context

  • Related PR: feat: Add package registry to eck #8800
  • This change will improve the security posture of package-registry deployments in ECK
  • We should ensure backward compatibility if ECK needs to support registry versions both with and without this change

Questions to resolve

  • Which package-registry versions will include the user 1000 change?
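
Why enforcement has to wait for the image change, as an added example (not code from ECK, package-registry or the kubelet): a simplified Go model of the check the kubelet applies at container start when `runAsNonRoot: true` is set. `SecurityContext`, `ptr` and `CheckRunAsNonRoot` are hypothetical stand-ins, and the image user strings are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// SecurityContext is a local stand-in for the two Kubernetes fields involved.
type SecurityContext struct {
	RunAsNonRoot *bool
	RunAsUser    *int64
}

func ptr[T any](v T) *T { return &v }

// CheckRunAsNonRoot returns an error when the container would be refused.
// imageUser is the USER from the image config: "", "0", "1000:1000", "app".
func CheckRunAsNonRoot(sc SecurityContext, imageUser string) error {
	if sc.RunAsNonRoot == nil || !*sc.RunAsNonRoot {
		return nil // not enforced: a UID 0 image simply runs as root
	}
	if sc.RunAsUser != nil { // an explicit UID overrides the image user
		if *sc.RunAsUser == 0 {
			return errors.New("runAsNonRoot is set but runAsUser is 0")
		}
		return nil
	}
	user, _, _ := strings.Cut(imageUser, ":") // drop an optional ":gid"
	if user == "" {
		return errors.New("runAsNonRoot is set and image will run as root")
	}
	uid, err := strconv.ParseInt(user, 10, 64)
	if err != nil { // a user name cannot be proven non-root
		return fmt.Errorf("runAsNonRoot is set and image user %q is non-numeric", user)
	}
	if uid == 0 {
		return errors.New("runAsNonRoot is set and image will run as root")
	}
	return nil
}

func main() {
	enforce := SecurityContext{RunAsNonRoot: ptr(true)}
	for _, u := range []string{"0", "1000"} { // constructed image users
		fmt.Printf("image USER %q, runAsNonRoot=true: %v\n", u, CheckRunAsNonRoot(enforce, u))
	}
}
```

With the current UID 0 image the enforced case returns an error, which is the state in which the pod would not start; an image whose user is UID 1000 passes the same check.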

Metadata

Labels: >enhancement (Enhancement of existing functionality)
