TL;DR: Align the k8s-wait-for image’s entrypoint and runtime user.
This update changes the entrypoint from an absolute path (/usr/bin/wait_for.sh) to invoking the script directly (wait_for.sh), and updates the container user from UID/GID 65532 to 1100 to ensure consistency with the runtime environment.
| Announcement date | Planned Change date |
| 02/18/2026 | 03/02/2026 |
What is changing?
The entrypoint changes from “/usr/bin/wait_for.sh” to "wait_for.sh". The id from 65532 to 1100
The container entrypoint is being updated from an absolute path (/usr/bin/wait_for.sh) to invoking the script directly (wait_for.sh). In addition, the runtime user and group are changing from UID/GID 65532 to 1100. Together, these changes align how the image starts and which non-root user it runs as.
Why is Chainguard making this change?
Chainguard is making this update to match the upstream non-root image tag. Aligning with upstream improves consistency and predictability for users who rely on upstream behavior, and helps reduce friction when swapping between Chainguard and upstream images.
How will this affect me?
For most customers, this change is transparent and requires no action. The image remains non-root and functions the same way at runtime. Existing workloads should continue to work as-is, without requiring configuration changes or updates. An edge case could arise if you rely on:
- UID-specific ownership on mounted storage
- The absolute entrypoint path – /usr/bin/wait_for.sh
Need help or have questions?
We're here to help - visit our support portal at support.chainguard.dev.
- Chainguard Team
Comments
0 comments
Please sign in to leave a comment.