Open kndoni opened 2 months ago
[Triage]
Hey @kndoni, is Kyverno blocking the installation? Can you try without Kyverno once and see? I assume there must be some allowlist using Kyverno. If not, then there has to be a setting to set allowPrivilegeEscalation to false.
Thank you
@peterzhuamazon
Describe the bug
I am trying to install the opensearch helm chart in a k8s cluster that has kyverno cluster policies that enforce having securityContexts in place. There are a couple of initContainers whose securityContext is missing, and this is not allowing me to install the chart.
1 error occurred:\n\t* admission webhook \"validate.kyverno.svc-fail\" denied the request: \n\nresource StatefulSet/opensearch-test/groot-opensearch-cluster-master was blocked due to the following policies \n\ndisallow-privilege-escalation:\n autogen-privilege-escalation: 'validation error: Privilege escalation is disallowed.\n The fields spec.containers[*].securityContext.allowPrivilegeEscalation, spec.initContainers[*].securityContext.allowPrivilegeEscalation,\n and spec.ephemeralContainers[*].securityContext.allowPrivilegeEscalation must\n be set to false. . rule autogen-privilege-escalation failed at path\n /spec/template/spec/initContainers/0/securityContext/'\n\n\n\n"
To Reproduce
Kyverno should be installed on a k8s cluster

Chart Name
opensearch and opensearch-dashboards
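
An added example, not part of the issue or the chart: a pre-flight check that applies the rule quoted in the denial message to a rendered manifest (as JSON) and reports the paths that would be rejected, in the same form as the path in the error. The sample StatefulSet and its names are constructed, and the check approximates the rule from the message text rather than reproducing Kyverno's engine.

```python
import json

# Container lists named in the Kyverno denial message above.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")

def pod_spec_path(resource):
    """Return (pod_spec, path_prefix) for a Pod or a pod controller."""
    kind = resource.get("kind")
    spec = resource.get("spec", {})
    if kind == "Pod":
        return spec, "/spec"
    if kind == "CronJob":
        tmpl = spec.get("jobTemplate", {}).get("spec", {}).get("template", {})
        return tmpl.get("spec", {}), "/spec/jobTemplate/spec/template/spec"
    # StatefulSet, Deployment, DaemonSet, Job and similar carry a pod template.
    return spec.get("template", {}).get("spec", {}), "/spec/template/spec"

def find_violations(resource):
    """List paths of containers whose allowPrivilegeEscalation is not exactly false."""
    pod_spec, prefix = pod_spec_path(resource)
    violations = []
    for field in CONTAINER_FIELDS:
        for index, container in enumerate(pod_spec.get(field) or []):
            ctx = container.get("securityContext") or {}
            # A missing securityContext or missing field fails, like an explicit true.
            if ctx.get("allowPrivilegeEscalation") is not False:
                violations.append(f"{prefix}/{field}/{index}/securityContext/")
    return violations

# Constructed sample: main container is hardened, init container has no securityContext.
SAMPLE = json.loads("""
{
  "kind": "StatefulSet",
  "metadata": {"name": "example-cluster-master"},
  "spec": {"template": {"spec": {
    "initContainers": [{"name": "init-a", "image": "busybox"}],
    "containers": [
      {"name": "main", "image": "example/image",
       "securityContext": {"allowPrivilegeEscalation": false}}
    ]
  }}}
}
""")

if __name__ == "__main__":
    for path in find_violations(SAMPLE):
        print("would be denied at", path)
```
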