Bug 2187603

Summary: [DPDK Checkup] Add ServiceAccount and SCC for the traffic generator pod
Product: Container Native Virtualization (CNV) Reporter: Orel Misan <omisan>
Component: Documentation Assignee: Avital Pinnick <apinnick>
Status: CLOSED NEXTRELEASE QA Contact: Yossi Segev <ysegev>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.13.0   
Last Closed: 2023-04-20 10:13:36 UTC Type: Bug

Description Orel Misan 2023-04-18 06:36:18 UTC
Document URL: 

modules/virt-checking-cluster-dpdk-readiness.adoc

Section Number and Name: 
.Example roles manifest

Describe the issue: 

An additional ServiceAccount is needed:
```
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dpdk-checkup-traffic-gen-sa
```

Also the following SecurityContextConstraints object is needed as well:
```
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: dpdk-checkup-traffic-gen
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: false
allowPrivilegedContainer: false
allowedCapabilities:
- IPC_LOCK
- NET_ADMIN
- NET_RAW
- SYS_RESOURCE
defaultAddCapabilities: null
fsGroup:
  type: RunAsAny
groups: []
readOnlyRootFilesystem: false
requiredDropCapabilities: null
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
seccompProfiles:
- runtime/default
- unconfined
supplementalGroups:
  type: RunAsAny
users:
- system:serviceaccount:dpdk-checkup-ns:dpdk-checkup-traffic-gen-sa
volumes:
- hostPath
```

Without these additions, the checkup cannot start.

Suggestions for improvement: 

Additional information: 
Link to change on upstream documentation https://github.com/kiagnose/kubevirt-dpdk-checkup/pull/102/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5
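
An audit-style check of the SCC quoted in the description, added here as an example and not part of the bug report or the kubevirt-dpdk-checkup project: it lists the settings that widen what an admitted pod may do and confirms that the `users` entry names the ServiceAccount in the expected namespace. The dict is a hand transcription of the manifest above, and the function names are hypothetical.

```python
# SCC from this report, transcribed by hand into a dict so the example runs offline.
SCC = {
    "metadata": {"name": "dpdk-checkup-traffic-gen"},
    "allowHostDirVolumePlugin": True, "allowHostIPC": False,
    "allowHostNetwork": False, "allowHostPID": False, "allowHostPorts": False,
    "allowPrivilegeEscalation": False, "allowPrivilegedContainer": False,
    "allowedCapabilities": ["IPC_LOCK", "NET_ADMIN", "NET_RAW", "SYS_RESOURCE"],
    "fsGroup": {"type": "RunAsAny"}, "runAsUser": {"type": "RunAsAny"},
    "seLinuxContext": {"type": "RunAsAny"},
    "supplementalGroups": {"type": "RunAsAny"},
    "seccompProfiles": ["runtime/default", "unconfined"],
    "users": ["system:serviceaccount:dpdk-checkup-ns:dpdk-checkup-traffic-gen-sa"],
    "volumes": ["hostPath"],
}

HOST_FLAGS = ["allowHostDirVolumePlugin", "allowHostIPC", "allowHostNetwork",
              "allowHostPID", "allowHostPorts", "allowPrivilegeEscalation",
              "allowPrivilegedContainer"]
STRATEGIES = ["runAsUser", "seLinuxContext", "fsGroup", "supplementalGroups"]


def relaxed_settings(scc):
    """List every setting in the SCC that widens what an admitted pod may do."""
    found = [f"{flag}=true" for flag in HOST_FLAGS if scc.get(flag)]
    # allowedCapabilities are capabilities a pod may request, not ones it gets by default.
    found += [f"capability:{c}" for c in scc.get("allowedCapabilities") or []]
    found += [f"{s}=RunAsAny" for s in STRATEGIES
              if (scc.get(s) or {}).get("type") == "RunAsAny"]
    if "unconfined" in (scc.get("seccompProfiles") or []):
        found.append("seccomp:unconfined")
    if "hostPath" in (scc.get("volumes") or []):
        found.append("volume:hostPath")
    return found


def grants_to(scc, namespace, service_account):
    """True if the SCC's users list names this namespace/ServiceAccount pair."""
    wanted = f"system:serviceaccount:{namespace}:{service_account}"
    return wanted in (scc.get("users") or [])


if __name__ == "__main__":
    print("\n".join(relaxed_settings(SCC)))
    print("bound in dpdk-checkup-ns:",
          grants_to(SCC, "dpdk-checkup-ns", "dpdk-checkup-traffic-gen-sa"))
```

The ServiceAccount manifest in the description carries no namespace, so it has to be created in `dpdk-checkup-ns` for the `users` entry to match.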

Comment 2 Avital Pinnick 2023-04-20 10:13:36 UTC
Changes approved and merged.