[cws-instrumentation] Nest configuration under clusterRole

DataDog · Dec 3, 2024 · 8c60e62 · 8c60e62
1 parent 186385a
commit 8c60e62
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 7 deletions.
diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md
@@ -2,7 +2,7 @@
 
 ## 2.4.0
 
-* Add configuration to grand to the operator the necessary RBAC for the CWS Instrumentation admission controller feature in the Cluster-Agent to work.
+* Add configuration to grant the necessary RBAC to the operator for the CWS Instrumentation Admission Controller feature in the Cluster-Agent.
 
 ## 2.3.0
 

diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md
@@ -6,14 +6,13 @@
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| addCWSInstrumentationRBAC | bool | `false` | Defines if the operator should be deployed with the RBAC required for the cluster-agent CWSInstrumentation feature. |
 | affinity | object | `{}` | Allows to specify affinity for Datadog Operator PODs |
 | apiKey | string | `nil` | Your Datadog API key |
 | apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one |
 | appKey | string | `nil` | Your Datadog APP key |
 | appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one |
 | clusterName | string | `nil` | Set a unique cluster name reporting from the Datadog Operator. |
-| clusterRole | object | `{"allowReadAllResources":false}` | Set specific configuration for the cluster role |
+| clusterRole | object | `{"allowCreatePodsExec":false,"allowReadAllResources":false}` | Set specific configuration for the cluster role |
 | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics |
 | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. |
 | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller |

diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml
@@ -803,7 +803,7 @@ rules:
   - list
   - watch
 {{- end }}
-{{- if .Values.addCWSInstrumentationRBAC }}
+{{- if .Values.clusterRole.allowCreatePodsExec }}
 - apiGroups: [""]
   resources: ["pods/exec"]
   verbs: ["create"]

diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml
@@ -197,6 +197,5 @@ clusterRole:
   # If collecting CRDs in the Kubernetes Explorer this is required
   allowReadAllResources: false
 
-# addCWSInstrumentationRBAC -- Defines if the operator should be deployed with the RBAC required for the cluster-agent
-# CWSInstrumentation feature.
-addCWSInstrumentationRBAC: false
+  # allowCreatePodsExec is required for `remote_copy` mode of the CWS Instrumentation feature.
+  allowCreatePodsExec: false