CU-86c6kz47w edit patch all for custom resources edit flow (#478)

Author: TomDaTree

charts/komodor-agent/README.md

@@ -160,6 +160,7 @@ The command removes all the Kubernetes components associated with the chart and
 | capabilities.metrics | bool | `true` | Fetch workload metrics and send them to komodor backend |
 | capabilities.nodeEnricher | bool | `true` | Enable node enricher capabilities by the komodor agent |
 | capabilities.actions | bool | `true` | Allow users to perform actions on the cluster, granular access control is defined in the application<boolean> |
+| capabilities.crActions | bool | `true` | Allow komodor service account to edit and delete custom resources in the cluster |
 | capabilities.cost | object | See sub-values | Configure the agent cost capabilities |
 | capabilities.cost.hpa | bool | `true` | Enable patch and update permissions for KEDA ScaledObjects and ScaledJobs |
 | capabilities.helm | object | `{"enabled":true,"readonly":false}` | Enable helm capabilities by the komodor agent |

charts/komodor-agent/templates/clusterrole.yaml

@@ -481,6 +481,11 @@ rules:
     verbs:
     - create
 {{- end}}
+{{- if .Values.capabilities.crActions}}
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["delete", "list", "get", "watch", "patch"]
+{{- end}}
 {{- if .Values.capabilities.events.create }}
   - apiGroups:
       - ""

charts/komodor-agent/values.yaml

@@ -73,6 +73,8 @@ capabilities:
   nodeEnricher: true
   # capabilities.actions -- (bool) Allow users to perform actions on the cluster, granular access control is defined in the application<boolean>
   actions: true
+  # capabilities.crActions -- (bool) Allow komodor service account to edit and delete custom resources in the cluster
+  crActions: true
   # capabilities.cost -- Configure the agent cost capabilities
   # @default -- See sub-values
   cost: