Modifying IBM Cloud Private security policy
If you plan to use embedded Elasticsearch and Kibana (rather than an external Elasticsearch installation), and only in this case, you must ensure that the target namespace for IBM® Business Automation Insights deployment is bound to a pod security policy that supports running privileged containers.
About this task
By default, a Kubernetes service account does not have the permissions to deploy to the target
namespace any pods that require privileged containers. To enable such deployment, you must modify
the default behavior. To do so, you create the appropriate PodSecurityPolicy,
ClusterRole, and ClusterRoleBinding Kubernetes resources by using
kubectl commands.
Note: If you have upgraded your IBM Business Automation
Insights installation from version 18.0.0, you
do not have to follow this procedure to modify the ICP security policy. However, if you choose to do
it, first roll back the changes that you made through the kubectl edit clusterrolebindings
privileged-psp-users command when you installed IBM Business Automation
Insights 18.0.