[Blocker] Kyverno admission controller blocking the telegraf container restricting the pods to run due to securityContext.

[Vineet2530]

Describe the issue here.

Problem :

I have a telegraf operator running in my kubernetes cluster, deployed via helm method. The operator is injecting the telegraf sidecar successfully with my application.
But, when I am deploying my application the Kyverno admission controller blocking the pods to run. This is happening due to kyverno policies like drop-all-capabilities, require-run-as-nonroot are getting violated.
I tried adding the securityContext via telegraf operator but looks like it is getting applied only to operator and not on the telegraf sidecar container.

Questions:

1. Is there any way (like annotations or something) to apply securityContext to telegraf sidecar container?
2. Can we configure the telegraf operator in such a way that it will know what and all securityContext to apply on injected telegraf container?

Please provide solution asap as this seems as blocker.

Relevant URLs

• Provide relevant URLs

What products and version are you using?

telegraf version: 1.22
chart used for deployment: https://github.com/influxdata/helm-charts/blob/master/charts/telegraf-operator/values.yaml