ECK Kibana securityContext on kubernetes >= 1.26

Im trying to get elasticsearch and kibana up and running using ECK on kubernetes 1.26. I´ve managed to modify the podtemplate for the elasticsearch resource so that it sets the seccompProfile in the securityContext but I'm struggling with the securityContext of the kibana customresourcedefinition. Initially I did not have a podTemplate in my kibana yaml, but then the kibana deployment got stuck on the podsecurity admission controller. I tried adding this pod template:

containers:
- name: kibana
securityContext:
allowPrivilegeEscalation: false
privileged: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
initContainers:
- name: elastic-internal-init-config
securityContext:
allowPrivilegeEscalation: false
privileged: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

Now the kibana pod gets created but it gets stuck on the initcontainer with the following message: Error: container has runAsNonRoot and image has non-numeric user (kibana), cannot verify user is non-root . Does anyone know the proper way to configure the kibana CRD when having pod security enabled?

This seems to be fixed in version 8.12. I was running 8.11.2 but the problem does not happen when using version 8.12.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.