From 225885f76eef52ac1b7d14353833d0b318359d9c Mon Sep 17 00:00:00 2001
From: Todd Malsbary <todd.malsbary@intel.com>
Date: Thu, 3 Jun 2021 17:05:16 -0700
Subject: The sink app needs the CAP_NET_RAW capability

The CAP_NET_RAW capability is not available with the default
PodSecurityPolicy.  Create a service account and role binding to the
privileged policy and specify the sink to use it.

Issue-ID: MULTICLOUD-1310
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ib00ee1e8797d497d024a167fc9a0336d4c2a7ae1
---
 kud/demo/composite-firewall/sink/templates/serviceaccount.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 kud/demo/composite-firewall/sink/templates/serviceaccount.yaml

(limited to 'kud/demo/composite-firewall/sink/templates/serviceaccount.yaml')

diff --git a/kud/demo/composite-firewall/sink/templates/serviceaccount.yaml b/kud/demo/composite-firewall/sink/templates/serviceaccount.yaml
new file mode 100644
index 00000000..2dcd900c
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "sink.serviceAccountName" . }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
-- 
cgit 1.2.3-korg