diff options
author | Todd Malsbary <todd.malsbary@intel.com> | 2021-06-03 17:05:16 -0700 |
---|---|---|
committer | Todd Malsbary <todd.malsbary@intel.com> | 2021-06-04 14:25:36 -0700 |
commit | 225885f76eef52ac1b7d14353833d0b318359d9c (patch) | |
tree | 4fdc2b8cfb088cc23bbc5776edb136e2a7c711e4 /kud/demo/composite-firewall/sink/templates/deployment.yaml | |
parent | 99f2be307f194e1f6a60e4098e82f6775c8dad5b (diff) |
The sink app needs the CAP_NET_RAW capability
The CAP_NET_RAW capability is not available with the default
PodSecurityPolicy. Create a service account and role binding to the
privileged policy and specify the sink to use it.
Issue-ID: MULTICLOUD-1310
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ib00ee1e8797d497d024a167fc9a0336d4c2a7ae1
Diffstat (limited to 'kud/demo/composite-firewall/sink/templates/deployment.yaml')
-rw-r--r-- | kud/demo/composite-firewall/sink/templates/deployment.yaml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/kud/demo/composite-firewall/sink/templates/deployment.yaml b/kud/demo/composite-firewall/sink/templates/deployment.yaml index f1f56b28..e65a64fb 100644 --- a/kud/demo/composite-firewall/sink/templates/deployment.yaml +++ b/kud/demo/composite-firewall/sink/templates/deployment.yaml @@ -18,6 +18,7 @@ spec: app: {{ include "sink.name" . }} release: {{ .Release.Name }} spec: + serviceAccountName: {{ include "sink.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.sinkrepo }}:{{ .Values.image.sinktag }}" |