[BUG] OpenSearch config init container lacks security context and is therefore not created in environments with restricted pod security standards #685

@chacha-john

What is the bug?

The config init container does not get created in a Kubernetes cluster with the restricted policy level. This init container of the opensearch helm chart may be used to customize configurations by modifying the opensearch.yml file and log4j2.properties, among other custom configurations. However, the current template does not create the init container with the security context supplied in the values file. This is not a problem in clusters with privileged and baseline policies; however, in a restricted cluster, the init container is not created off the bat unless the security context is modified.

How can one reproduce the bug?

To reproduce this bug, install the opensearch helm chart in a privileged Kubernetes cluster. Supply the security context in the values.yaml.

Image

Image

What is the expected behavior?

I expected that the security context in the values file will be applied not only to the opensearch container but the init containers as well. This would have improved portability of the opensearch helm. While the statefulset can be edited and the security context provided, it makes the chart less portable across different environments.

What is your host/environment?

I am installing the opensearch helm chart on a Tanzu Kubernetes Grid cluster version v1.28.8+vmware.1-fips.1.

Do you have any screenshots?

Before modifying the security context explicitly at the statefulset level, here is the screenshot:
Image
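
Why an init container rendered without a security context blocks the pod under the restricted policy, as an added example that is not part of the original issue or of the chart's code: a Python sketch that approximates the container-level checks of the Kubernetes restricted Pod Security Standard over a constructed pod spec. The container names and field values are assumptions made for illustration.

```python
# Added example: approximates the container-level checks of the Kubernetes
# "restricted" Pod Security Standard. Pod spec and names are constructed.
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

def restricted_violations(pod_spec):
    """Return {"<kind>/<name>": [violations]} for init and app containers."""
    pod_sc = pod_spec.get("securityContext") or {}
    report = {}
    # The restricted profile applies to initContainers exactly as to containers.
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            caps = sc.get("capabilities") or {}
            problems = []
            # These two can only be set per container, never at pod level.
            if sc.get("allowPrivilegeEscalation") is not False:
                problems.append("allowPrivilegeEscalation must be false")
            if "ALL" not in (caps.get("drop") or []):
                problems.append("capabilities.drop must include ALL")
            if set(caps.get("add") or []) - {"NET_BIND_SERVICE"}:
                problems.append("capabilities.add allows only NET_BIND_SERVICE")
            # These may be inherited from the pod-level securityContext.
            if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
                problems.append("runAsNonRoot must be true")
            if 0 in (sc.get("runAsUser"), pod_sc.get("runAsUser")):
                problems.append("runAsUser must not be 0")
            seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
            if seccomp.get("type") not in ALLOWED_SECCOMP:
                problems.append("seccompProfile.type must be RuntimeDefault or Localhost")
            if problems:
                report[f"{kind}/{c['name']}"] = problems
    return report

HARDENED = {"allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}

# Constructed sample: the init container was rendered without a securityContext.
SAMPLE_POD_SPEC = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "initContainers": [{"name": "configfile"}],
    "containers": [{"name": "opensearch", "securityContext": HARDENED}],
}

if __name__ == "__main__":
    for target, problems in restricted_violations(SAMPLE_POD_SPEC).items():
        print(target, "->", "; ".join(problems))
```

In the sample, the pod-level settings cover `runAsNonRoot` and `seccompProfile` for the init container, but `allowPrivilegeEscalation` and `capabilities.drop` exist only at container level, so the init container still fails until it carries its own security context.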

Labels: bug

Status: ✅ Done