This message was deleted.

Sounds like you’ve enabled one of the CIS hardened profiles that enforces pod security policy. You can disable that hardening, or modify the elasticsearch deployment to not run a privileged, root container

Yes, we're running cis 1.6 I think.

yep that’d do it.

Well, we'll just set that setting on the bare metal and comment out the init pod in the chart that is trying to do it.

you might check with the operator project to see if they have a different way of addressing that problem, or if there is an open issue for supporting hardened clusters.

https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-security-context.html --- This might be useful.