[Orch] Add additional permissions for operator to view CRDs

When using the Operator, we need additional permissions for CRDs. We need to allow the cluster agent to view these custom resources and in order to do that the operator needs permission to see them. This is currently disabled by default
DataDog · Oct 23, 2024 · 61900b4 · 61900b4
1 parent 4b12bb1
commit 61900b4
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml
@@ -794,5 +794,20 @@ rules:
   - patch
   - update
 {{- end }}
+{{- if .Values.orchestratorExplorer.listAndWatchAll }}
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - list
+  - watch
+{{- end }}
 {{- end }}
-
diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml
@@ -190,3 +190,8 @@ livenessProbe:
   # timeoutSeconds: 1
   # successThreshold: 1
   # failureThreshold: 3
+
+# orchestratorExplorer -- Set specific configuration for orchestratorExplorer in the operator
+orchestratorExplorer:
+  #listAndWatchAll is required to allow the operator to view all custom resources
+  listAndWatchAll: false