Im trying to get elasticsearch and kibana up and running using ECK on kubernetes 1.26. I´ve managed to modify the podtemplate for the elasticsearch resource so that it sets the seccompProfile in the securityContext but I'm struggling with the securityContext of the kibana customresourcedefinition. Initially I did not have a podTemplate in my kibana yaml, but then the kibana deployment got stuck on the podsecurity admission controller. I tried adding this pod template:
containers:
- name: kibana
securityContext:
allowPrivilegeEscalation: false
privileged: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
initContainers:
- name: elastic-internal-init-config
securityContext:
allowPrivilegeEscalation: false
privileged: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
Now the kibana pod gets created but it gets stuck on the initcontainer with the following message: Error: container has runAsNonRoot and image has non-numeric user (kibana), cannot verify user is non-root . Does anyone know the proper way to configure the kibana CRD when having pod security enabled?