diff --git a/charts/komodor-agent/README.md b/charts/komodor-agent/README.md
index d30355810..aed19056d 100644
--- a/charts/komodor-agent/README.md
+++ b/charts/komodor-agent/README.md
@@ -160,6 +160,7 @@ The command removes all the Kubernetes components associated with the chart and
 | capabilities.metrics | bool | `true` | Fetch workload metrics and send them to komodor backend |
 | capabilities.nodeEnricher | bool | `true` | Enable node enricher capabilities by the komodor agent |
 | capabilities.actions | bool | `true` | Allow users to perform actions on the cluster, granular access control is defined in the application |
+| capabilities.crActions | bool | `true` | Allow komodor service account to edit and delete custom resources in the cluster |
 | capabilities.cost | object | See sub-values | Configure the agent cost capabilities |
 | capabilities.cost.hpa | bool | `true` | Enable patch and update permissions for KEDA ScaledObjects and ScaledJobs |
 | capabilities.helm | object | `{"enabled":true,"readonly":false}` | Enable helm capabilities by the komodor agent |
diff --git a/charts/komodor-agent/templates/clusterrole.yaml b/charts/komodor-agent/templates/clusterrole.yaml
index f6f3d8b00..a0ad3f14f 100644
--- a/charts/komodor-agent/templates/clusterrole.yaml
+++ b/charts/komodor-agent/templates/clusterrole.yaml
@@ -481,6 +481,11 @@ rules:
 verbs:
 - create
 {{- end}}
+{{- if .Values.capabilities.crActions}}
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["delete", "list", "get", "watch", "patch"]
+{{- end}}
 {{- if .Values.capabilities.events.create }}
 - apiGroups:
 - ""
diff --git a/charts/komodor-agent/values.yaml b/charts/komodor-agent/values.yaml
index 407bbdacd..ddc1723d7 100644
--- a/charts/komodor-agent/values.yaml
+++ b/charts/komodor-agent/values.yaml
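Review bot: The rule added under `capabilities.crActions` in clusterrole.yaml uses `apiGroups: ["*"]` and `resources: ["*"]`, so it matches every API group including the core group, not only custom resources as the README row and the values comment describe. With `get`, `list`, `watch`, `patch` and `delete`, that covers Secrets, workloads and RBAC objects cluster-wide, and it probably makes the narrower rules elsewhere in this ClusterRole redundant (the rules list starts and continues outside the hunk). Consider taking the API groups from a chart value instead of the wildcard, e.g. `- apiGroups: {{ .Values.capabilities.crActionsApiGroups | toJson }}` (the value name is a suggestion, not an existing key), or at minimum add a comment above the rule: `# NOTE: wildcard also matches built-in resources (Secrets, RBAC), not just CRs`.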
@@ -73,6 +73,8 @@ capabilities:
 nodeEnricher: true
 # capabilities.actions -- (bool) Allow users to perform actions on the cluster, granular access control is defined in the application
 actions: true
+ # capabilities.crActions -- (bool) Allow komodor service account to edit and delete custom resources in the cluster
+ crActions: true
 # capabilities.cost -- Configure the agent cost capabilities
 # @default -- See sub-values
 cost:
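Review bot: `crActions: true` makes the new cluster-wide delete/patch permission the default, so any installation that does not override the value picks it up on its next chart upgrade without opting in. A grant this broad is safer shipped as `crActions: false`, with the README row updated to match, so that operators enable it deliberately. The comment should also describe what the flag actually gates, for example `# capabilities.crActions -- (bool) Grant get/list/watch/patch/delete on all resources in all API groups`.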