From 225885f76eef52ac1b7d14353833d0b318359d9c Mon Sep 17 00:00:00 2001
From: Todd Malsbary <todd.malsbary@intel.com>
Date: Thu, 3 Jun 2021 17:05:16 -0700
Subject: The sink app needs the CAP_NET_RAW capability

The CAP_NET_RAW capability is not available with the default
PodSecurityPolicy.  Create a service account and role binding to the
privileged policy and specify the sink to use it.

Issue-ID: MULTICLOUD-1310
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ib00ee1e8797d497d024a167fc9a0336d4c2a7ae1
---
 kud/demo/composite-firewall/sink/values.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'kud/demo/composite-firewall/sink/values.yaml')

diff --git a/kud/demo/composite-firewall/sink/values.yaml b/kud/demo/composite-firewall/sink/values.yaml
index 245c9dea..b7ba1913 100644
--- a/kud/demo/composite-firewall/sink/values.yaml
+++ b/kud/demo/composite-firewall/sink/values.yaml
@@ -59,3 +59,20 @@ global:
   demoArtifactsVersion: 1.6.0
   dcaeCollectorIp: 10.0.4.1
   dcaeCollectorPort: 8081
+
+###
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+## RBAC parameteres
+## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
+##
+rbac:
+  create: true
-- 
cgit 1.2.3-korg