[DCA] [orchestrator] add pv and pvc rbac (#365)

* [DCA] [orchestrator] add pv and pvc rbac * Add kubebuilder comment for PV and PVC Co-authored-by: cedric lamoriniere <cedric.lamoriniere@datadoghq.com>
DataDog · Aug 26, 2021 · bf28eca · bf28eca
1 parent c388bdc
commit bf28eca
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/controllers/datadogagent/clusteragent.go b/controllers/datadogagent/clusteragent.go
@@ -1359,6 +1359,17 @@ func buildClusterAgentClusterRole(dda *datadoghqv1alpha1.DatadogAgent, name, age
 				datadoghqv1alpha1.GetVerb,
 			},
 		})
+
+		// PV and PVC
+		rbacRules = append(rbacRules, rbacv1.PolicyRule{
+			APIGroups: []string{datadoghqv1alpha1.CoreAPIGroup},
+			Resources: []string{datadoghqv1alpha1.PersistentVolumesResource, datadoghqv1alpha1.PersistentVolumeClaimsResource},
+			Verbs: []string{
+				datadoghqv1alpha1.ListVerb,
+				datadoghqv1alpha1.WatchVerb,
+				datadoghqv1alpha1.GetVerb,
+			},
+		})
 	}
 
 	if isComplianceEnabled(&dda.Spec) {

diff --git a/controllers/datadogagent_controller.go b/controllers/datadogagent_controller.go
@@ -116,6 +116,8 @@ type DatadogAgentReconciler struct {
 // +kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=get;list;watch
 // +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch
 // +kubebuilder:rbac:groups=batch,resources=cronjobs,verbs=get;list;watch
+// +kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=list;watch
+// +kubebuilder:rbac:groups="",resources=persistentvolumes,verbs=list;watch
 
 // Kubernetes_state_core
 // +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;watch