[filebeat] Configurable ClusterRole

filebeat/README.md

@@ -91,6 +91,7 @@ as a reference. They are also used in the automated testing of this chart.
 | Parameter                   | Description                                                                                                                                                                     | Default                            |
 |-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------|
 | `affinity`                  | Configurable [affinity][]                                                                                                                                                       | `{}`                               |
+| `clusterRoleRules`          | Configurable [cluster role rules][] that Metricbeat uses to access Kubernetes resources                                                                                         | see [values.yaml][]                 |
 | `dnsConfig`                 | Configurable [dnsConfig][]                                                                                                                                                      | `{}`                               |
 | `envFrom`                   | Templatable string of envFrom to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container                          | `[]`                               |
 | `extraContainers`           | List of additional init containers to be added at the DaemonSet                                                                                                                 | `""`                               |
@@ -191,6 +192,7 @@ about our development and testing process.
 [CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md
 [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 [annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+[cluster role rules]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
 [default Elasticsearch Helm chart]: https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#default
 [dnsConfig]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
 [environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config

filebeat/templates/clusterrole.yaml

@@ -8,15 +8,5 @@ metadata:
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     heritage: {{ .Release.Service | quote }}
     release: {{ .Release.Name | quote }}
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  - nodes
-  - pods
-  verbs:
-  - get
-  - list
-  - watch
+rules: {{ toYaml .Values.clusterRoleRules | nindent 2 -}}
 {{- end -}}

filebeat/values.yaml

@@ -94,6 +94,18 @@ readinessProbe:
 # Whether this chart should self-manage its service account, role, and associated role binding.
 managedServiceAccount: true
 
+clusterRoleRules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - nodes
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+
 # additionals labels
 labels: {}