Security Requirements
Kubernetes Service Account
To create a Service Account with privileged access for tapping, run the following commands:
kubectl create ns uctc
kubectl create sa gigamon -n uctc
Use the gigamon service account in uctc-tap.yaml; it allows UCT-C to appear as a privileged pod.
If you are using the OpenShift Platform, refer to the following sections:
Using YAML: In a YAML deployment for the Red Hat OpenShift Container Platform, use the following command:
oc adm policy add-scc-to-user -z gigamon privileged -n uctc
Using Helm: In a Helm deployment for the Red Hat OpenShift Container Platform, set the create value to True under securityContextConstraints in values.yaml. This configuration generates a customized Security Context Constraint (SCC) with the permissions required to deploy the UCT-C solution on OpenShift.
securityContextConstraints:
  create: True
  name: "gigamon"
Note: Security Context is not required on other platforms.
Access and Permissions Required for Deployment
To deploy the solution, you need the following permissions:
If you use standard ports like 443 for Controller to GigaVUE-FM communication, ensure that you launch the Controller with privileged access.
You should have privileged user access, since UCT-C Tap pods require privileged access for Mirroring or Precryption.
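Because the steps above grant privileged access, it is worth checking that only pods running as the gigamon service account in the uctc namespace actually use it. The following added example (not part of the vendor documentation) audits output shaped like `kubectl get pods -A -o json`; the pod names, the web namespace and the sample JSON are constructed for illustration.

```python
import json, sys

# Constructed sample shaped like `kubectl get pods -A -o json` (not real cluster data).
SAMPLE_PODS = json.loads("""
{"items": [
  {"metadata": {"namespace": "uctc", "name": "uctc-tap-abc12"},
   "spec": {"serviceAccountName": "gigamon", "containers": [{"name": "tap", "securityContext": {"privileged": true}}]}},
  {"metadata": {"namespace": "uctc", "name": "helper-1"},
   "spec": {"serviceAccountName": "default", "containers": [{"name": "helper", "securityContext": {"privileged": true}}]}},
  {"metadata": {"namespace": "web", "name": "frontend-7"},
   "spec": {"serviceAccountName": "gigamon", "containers": [{"name": "app"}],
            "initContainers": [{"name": "init", "securityContext": {"privileged": true}}]}},
  {"metadata": {"namespace": "web", "name": "api-3"}, "spec": {"containers": [{"name": "api"}]}}
]}
""")

EXPECTED = ("uctc", "gigamon")  # namespace and service account created on this page

def privileged_containers(pod):
    """Names of containers (init and ephemeral included) that set privileged: true."""
    names = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        for c in pod.get("spec", {}).get(key) or []:
            if (c.get("securityContext") or {}).get("privileged") is True:
                names.append(c["name"])
    return names

def audit(pod_list, expected=EXPECTED):
    """Split privileged pods into (expected, unexpected) lists of 'ns/name (sa)' labels."""
    ok, unexpected = [], []
    for pod in pod_list.get("items", []):
        if not privileged_containers(pod):
            continue
        meta, spec = pod["metadata"], pod.get("spec", {})
        sa = spec.get("serviceAccountName") or "default"
        label = f"{meta['namespace']}/{meta['name']} ({sa})"
        (ok if (meta["namespace"], sa) == expected else unexpected).append(label)
    return ok, unexpected

if __name__ == "__main__":
    # With "-" as the only argument, read real kubectl JSON from stdin; else use the sample.
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_PODS
    ok, unexpected = audit(data)
    print("expected privileged pods:", ok)
    print("privileged pods to review:", unexpected)
```

Any pod listed under "privileged pods to review" runs privileged outside the uctc/gigamon pairing and should be explained or removed.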



