Hey, I recently tried to make changes to our Elasticsearch installation, adding support for LDAP. However, this failed to upgrade. When reverting back to my previous settings, however, it also fails to install. The process I followed to install was as follows.
- helm repo add elastic https://helm.elastic.co
- helm show values elastic/elasticsearch > values.yml (this is using default settings, though as mentioned I will be changing to use LDAP later)
- helm upgrade --install elasticsearch elastic/elasticsearch -f Core_Stack/ELK/elasticsearch.yml -n evo-system
This goes through Init, then to running 0/1 then errors and loops. When it finally hits crash loop backoff the following error is in the log.
{"@timestamp":"2025-02-11T06:14:56.835Z", "log.level":"ERROR", "message":"uncaught exception in thread [process reaper (pid 190)]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"process reaper (pid 190)","log.logger":"org.elasticsearch.bootstrap.ElasticsearchUncaughtExceptionHandler","elasticsearch.node.name":"elasticsearch-master-2","error.type":"java.security.AccessControlException","error.message":"access denied (\"java.lang.RuntimePermission\" \"modifyThread\")","error.stack_trace":"java.security.AccessControlException: access denied (\"java.lang.RuntimePermission\" \"modifyThread\")\n\tat java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)\n\tat java.base/java.security.AccessController.checkPermission(AccessController.java:1068)\n\tat java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:411)\n\tat org.elasticsearch.securesm@8.5.1/org.elasticsearch.secure_sm.SecureSM.checkThreadAccess(SecureSM.java:166)\n\tat org.elasticsearch.securesm@8.5.1/org.elasticsearch.secure_sm.SecureSM.checkAccess(SecureSM.java:120)\n\tat java.base/java.lang.Thread.checkAccess(Thread.java:2360)\n\tat java.base/java.lang.Thread.setDaemon(Thread.java:2308)\n\tat java.base/java.lang.ProcessHandleImpl.lambda$static$0(ProcessHandleImpl.java:103)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:637)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:928)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.processWorkerExit(ThreadPoolExecutor.java:1021)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1158)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)\n\tat java.base/java.lang.Thread.run(Thread.java:1589)\n\tat java.base/jdk.internal.misc.InnocuousThread.run(InnocuousThread.java:186)\n"}
I saw a thread saying this was just noise and an update in 2022 fixed the issue here: Elasticsearch:8.5.2 docker "access denied (\"java.lang.RuntimePermission\" \"modifyThread\")"; however, that shouldn't be relevant to me.
There is also mention of people adjusting some settings in Docker here: Can't start elasticsearch 8.5 with docker; however, it was running previously on our current Kubernetes build.
Versions are:
Kubernetes: v1.28.5
Elasticsearch: v8.5.1