The elastic operator is deploying elasticsearch w/ an init container that has to run as root. It's setting the vm.max_map_count to 262144. RKE2 is barfing on the stateful set creation : "create Pod elasticsearch-master-0 in StatefulSet elasticsearch-master failed error: pods "elasticsearch-master-0" is forbidden: PodSecurityPolicy: unable to admit pod: [spec.initContainers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]" What's the proper way to get elastic to run inside RKE2?

Sounds like you’ve enabled one of the CIS hardened profiles that enforces pod security policy. You can disable that hardening, or modify the elasticsearch deployment to not run a privileged, root container

Yes, we're running cis 1.6 I think.

yep that’d do it.

Well, we'll just set that setting on the bare metal and comment out the init pod in the chart that is trying to do it.

you might check with the operator project to see if they have a different way of addressing that problem, or if there is an open issue for supporting hardened clusters.

https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-security-context.html --- This might be useful.