diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 56c51c465..c0e157a71 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -2,7 +2,7 @@ ## 2.4.0 -* Add configuration to grand to the operator the necessary RBAC for the CWS Instrumentation admission controller feature in the Cluster-Agent to work. +* Add configuration to grant the necessary RBAC to the operator for the CWS Instrumentation Admission Controller feature in the Cluster-Agent. ## 2.3.0 diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 5ffb81f8c..8db0f441e 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -6,14 +6,13 @@ | Key | Type | Default | Description | |-----|------|---------|-------------| -| addCWSInstrumentationRBAC | bool | `false` | Defines if the operator should be deployed with the RBAC required for the cluster-agent CWSInstrumentation feature. | | affinity | object | `{}` | Allows to specify affinity for Datadog Operator PODs | | apiKey | string | `nil` | Your Datadog API key | | apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one | | appKey | string | `nil` | Your Datadog APP key | | appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one | | clusterName | string | `nil` | Set a unique cluster name reporting from the Datadog Operator. | -| clusterRole | object | `{"allowReadAllResources":false}` | Set specific configuration for the cluster role | +| clusterRole | object | `{"addCWSInstrumentationRBAC":false,"allowReadAllResources":false}` | Set specific configuration for the cluster role | | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 1084a045b..bc27a46ec 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -803,7 +803,7 @@ rules: - list - watch {{- end }} -{{- if .Values.addCWSInstrumentationRBAC }} +{{- if .Values.clusterRole.addCWSInstrumentationRBAC }} - apiGroups: [""] resources: ["pods/exec"] verbs: ["create"] diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 54ff4c694..228a56bbb 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -197,6 +197,6 @@ clusterRole: # If collecting CRDs in the Kubernetes Explorer this is required allowReadAllResources: false -# addCWSInstrumentationRBAC -- Defines if the operator should be deployed with the RBAC required for the cluster-agent -# CWSInstrumentation feature. -addCWSInstrumentationRBAC: false + # addCWSInstrumentationRBAC -- Defines if the operator should be deployed with the RBAC required for the cluster-agent + # CWSInstrumentation feature. + addCWSInstrumentationRBAC: false