The sink app needs the CAP_NET_RAW capability

The CAP_NET_RAW capability is not available with the default PodSecurityPolicy. Create a service account and role binding to the privileged policy and specify the sink to use it. Issue-ID: MULTICLOUD-1310 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ib00ee1e8797d497d024a167fc9a0336d4c2a7ae1
author: Todd Malsbary <todd.malsbary@intel.com> 2021-06-03 17:05:16 -0700
committer: Todd Malsbary <todd.malsbary@intel.com> 2021-06-04 14:25:36 -0700
commit: 225885f76eef52ac1b7d14353833d0b318359d9c (patch)
tree: 4fdc2b8cfb088cc23bbc5776edb136e2a7c711e4 /kud/demo/composite-firewall/sink/templates/deployment.yaml
parent: 99f2be307f194e1f6a60e4098e82f6775c8dad5b (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/kud/demo/composite-firewall/sink/templates/deployment.yaml b/kud/demo/composite-firewall/sink/templates/deployment.yaml
index f1f56b28..e65a64fb 100644
--- a/kud/demo/composite-firewall/sink/templates/deployment.yaml
+++ b/kud/demo/composite-firewall/sink/templates/deployment.yaml
@@ -18,6 +18,7 @@ spec:
         app: {{ include "sink.name" . }}
         release: {{ .Release.Name }}
     spec:
+      serviceAccountName: {{ include "sink.serviceAccountName" . }}
       containers:
       - name: {{ .Chart.Name }}
         image: "{{ .Values.image.sinkrepo }}:{{ .Values.image.sinktag }}"
author	Todd Malsbary <todd.malsbary@intel.com>	2021-06-03 17:05:16 -0700
committer	Todd Malsbary <todd.malsbary@intel.com>	2021-06-04 14:25:36 -0700
commit	225885f76eef52ac1b7d14353833d0b318359d9c (patch)
tree	4fdc2b8cfb088cc23bbc5776edb136e2a7c711e4 /kud/demo/composite-firewall/sink/templates/deployment.yaml
parent	99f2be307f194e1f6a60e4098e82f6775c8dad5b (diff)