Kyverno Policies blocks elasticsearch autoRollingUpgrade Job
Enabling the autoRollingUpgrade get's blocked by Kyverno Policies. Set the policy so that it can allow the upgrade.
resource Pod/logging/bb-logging-ek-upgrade-pr9zd was blocked due to the following policies │
│ │
│ require-non-root-group: │
│ run-as-group: 'validation failure: validation error: runAsGroup must be set to an │
│ id > 0 in either spec.securityContext.runAsGroup or (spec.containers[*].securityContext.runAsGroup, │
│ spec.initContainers[*].securityContext.runAsGroup, and spec.ephemeralContainers[*].securityContext.runAsGroup). │
│ rule run-as-group[0] failed at path /securityContext/runAsGroup/' │
│ require-non-root-user: │
│ non-root-user: 'validation failure: validation error: Either `runAsNonRoot` must │
│ be set to true or `runAsUser` must be > 0 in spec.securityContext or (spec.containers[*].securityContext, │
│ spec.initContainers[*].securityContext, and spec.ephemeralContainers[*].securityContext). │
│ rule non-root-user[0] failed at path /securityContext/runAsNonRoot/ rule non-root-user[1] │
│ failed at path /securityContext/runAsUser/'
Edited by Kirby Liu