Kiali fails to deploy due to PSP/securityContext in RKE2
Can you provide/expose a way to configure Kiali's chart to add a securityContext or serviceAccount or some other hook for dealing with the below issue deploying onto RKE2 clusters? I think this issue comes up in multiple contexts for various BigBang modules that need elevated permissions; with IronBank images that we consume directly we can resolve these restrictions by defining serviceAccounts, securityContexts, capabilities, etc. for the given workload - but with BigBang it's difficult to do this without copying the lineage of BigBang charts and self-maintaining them:
kubectl describe rs -n kiali
...
...
...
Warning FailedCreate 4s (x11 over 9s) replicaset-controller Error creating: pods "kiali-kiali-kiali-operator-59cdf7fd69-" is forbidden: PodSecurityPolicy: unable to admit pod:
[spec.initContainers[0].securityContext.runAsNonRoot: Invalid value: false: must be true
spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_ADMIN": capability may not be added
spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_RAW": capability may not be added]
If I'm overlooking something or if you have better guidance, please advise.
Thanks!!
Edited by Tim Martin
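An added example, not part of the original issue or of the BigBang or Kiali charts: a PodSecurityPolicy that admits exactly what the rejection above lists (root init container, `NET_ADMIN`, `NET_RAW`), granted only to service accounts in the `kiali` namespace instead of loosening the cluster-wide policy. The object names and the volume list are assumptions; `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so this applies only to clusters that still enforce PSP.

```yaml
# Hypothetical names throughout; adjust to the cluster's conventions.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: kiali-net-init            # assumed name
spec:
  privileged: false
  allowedCapabilities:            # only the two capabilities named in the denial
    - NET_ADMIN
    - NET_RAW
  runAsUser:
    rule: RunAsAny                # the init container is rejected under a non-root rule
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:                        # assumed set; an empty list would allow no volumes
    - configMap
    - secret
    - emptyDir
    - projected
    - downwardAPI
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: use-kiali-net-init        # assumed name
  namespace: kiali
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["kiali-net-init"]
    verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: use-kiali-net-init        # assumed name
  namespace: kiali
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: use-kiali-net-init
subjects:
  - kind: Group                   # every service account in the kiali namespace
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:kiali
```

Because the binding is a namespaced RoleBinding, pods in other namespaces remain subject to the restrictive default policy.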