-
Bug
-
Resolution: Won't Do
-
Critical
-
None
Document URL:
modules/virt-checking-cluster-dpdk-readiness.adoc
Section Number and Name:
.Example roles manifest
Describe the issue:
An additional ServiceAccount is needed:
```
—
apiVersion: v1
kind: ServiceAccount
metadata:
name: dpdk-checkup-traffic-gen-sa
```
Also the following SecurityContextConstraints object is needed as well:
```
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: dpdk-checkup-traffic-gen
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: false
allowPrivilegedContainer: false
allowedCapabilities:
- IPC_LOCK
- NET_ADMIN
- NET_RAW
- SYS_RESOURCE
defaultAddCapabilities: null
fsGroup:
type: RunAsAny
groups: []
readOnlyRootFilesystem: false
requiredDropCapabilities: null
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles: - runtime/default
- unconfined
supplementalGroups:
type: RunAsAny
users: - system:serviceaccount:dpdk-checkup-ns:dpdk-checkup-traffic-gen-sa
volumes: - hostPath
```
Without these additions, the checkup cannot start.
Suggestions for improvement:
Additional information:
Link to change on upstream documentation https://github.com/kiagnose/kubevirt-dpdk-checkup/pull/102/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5