dlorenc

I think this will be covered via the volume mounts in #82

Sounds good to me!

Installing lsb_release would add around 20MB: ```shell The following extra packages will be installed: libexpat1 libffi6 libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libsqlite3-0 mime-support python python-minimal python2.7 python2.7-minimal Suggested packages: lsb python-doc python-tk...

So thinking about this again, we can make "apt-get install google-cloud-sdk" just work by adding the apt repo by default, but that still won't fix things for users that follow...

@neumayer - what kaniko image did you use? Nothing we ship as officially supported from the kaniko repo should require the privileged flag.

This will have to only run locally still

This would have to go through a TEP, but one other idea to attest build node identity (through say, SPIRE) would be for the Tekton pipelines controller to inject some...

> I would certainly be interested in looking at the TPM part (I just need to get my head around the mapping from an abstracted container layer to the hosts...

Nice!!!

One other possibility: - Tekton (and chains) now relies on pod statuses to parse outputs, but these statuses can be written by anyone with edit permissions on the pod -...