Code Review / multicloud / k8s.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 99f2be3) | patch
The sink app needs the CAP_NET_RAW capability 94/121694/2
authorTodd Malsbary <todd.malsbary@intel.com>
Fri, 4 Jun 2021 00:05:16 +0000 (17:05 -0700)
committerTodd Malsbary <todd.malsbary@intel.com>
Fri, 4 Jun 2021 21:25:36 +0000 (14:25 -0700)
commit225885f76eef52ac1b7d14353833d0b318359d9c
tree4fdc2b8cfb088cc23bbc5776edb136e2a7c711e4tree | snapshot
parent99f2be307f194e1f6a60e4098e82f6775c8dad5bcommit | diff
The sink app needs the CAP_NET_RAW capability

The CAP_NET_RAW capability is not available with the default
PodSecurityPolicy.  Create a service account and role binding to the
privileged policy and specify the sink to use it.

Issue-ID: MULTICLOUD-1310
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ib00ee1e8797d497d024a167fc9a0336d4c2a7ae1
kud/demo/composite-firewall/sink/templates/_helpers.tpl diff | blob | history
kud/demo/composite-firewall/sink/templates/deployment.yaml diff | blob | history
kud/demo/composite-firewall/sink/templates/rolebinding.yaml [new file with mode: 0644] blob
kud/demo/composite-firewall/sink/templates/serviceaccount.yaml [new file with mode: 0644] blob
kud/demo/composite-firewall/sink/values.yaml diff | blob | history
To contain a POC for Kubernetes plugin