InitContainer lacks allowPrivilegeEscalation setting which triggers Azure Gatekeeper OPA

[ashpr]

Hello,

I'm afraid to report that OpenTel instrumentation cannot be used with Azure Gatekeeper OPA because of Privilege Escalation not being explicitly set to False on the instrumentation initContainer securityContext.

Unless I'm mistaken I cant seem to find a way to explicitly override this. Would it be possible to set this (if privilege escalation is required) or allow it to be overridden via YAML Values?

[pavolloffay]

@ashpr is this related to #1058 ? PRs are welcome to fix the issue.

[ashpr]

@pavolloffay Good spot! Its definitely the same area although Azures OPA is a lot stricter and demands more, including runAsNonRoot being explicitly false.

I'm happy to give it a punt and test it against our cluster. Should this issue remain open or consolidate on #1058 ?