I am trying to use ECK with PSP enabled in my self-hosted Kubernetes cluster. It does not seem to work, and it has a weird deployment method of using a stateful set to deploy additional privileged containers.
So, what permissions should I give for ECK to work and to which service account?
There seems to be an issue open for this. I would prefer to have a sample PSP shipped with the operator, as this would make sense for users who enable PSP by default during installation!
The existing PSPs used are mentioned on the GitHub issue. I finally had to allow all service accounts to create a privileged pod in the Elasticsearch namespace, which was definitely overkill and a security risk. Am I missing something here?