Add recommened roles for Elastic Agent on Kubernetes (#8188)

Amend the roles based on https://raw.githubusercontent.com/elastic/elastic-agent/v8.15.3/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml

config/e2e/rbac.yaml

@@ -38,6 +38,7 @@ rules:
       - list
       - delete
       - create
+      - watch
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -184,6 +185,7 @@ rules:
     - "batch"
     resources:
     - jobs
+    - cronjobs
     verbs:
     - "get"
     - "list"

config/recipes/elastic-agent/fleet-kubernetes-integration-nonroot.yaml

@@ -271,6 +271,7 @@ rules:
   - statefulsets
   - deployments
   - replicasets
+  - daemonsets
   verbs:
   - "get"
   - "list"
@@ -281,10 +282,23 @@ rules:
   - nodes/stats
   verbs:
   - get
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get
 - apiGroups:
   - "batch"
   resources:
   - jobs
+  - cronjobs
+  verbs:
+  - "get"
+  - "list"
+  - "watch"
+- apiGroups:
+  - "storage.k8s.io"
+  resources:
+  - storageclasses
   verbs:
   - "get"
   - "list"

config/recipes/elastic-agent/fleet-kubernetes-integration.yaml

@@ -201,6 +201,7 @@ rules:
   - statefulsets
   - deployments
   - replicasets
+  - daemonsets
   verbs:
   - "get"
   - "list"
@@ -211,10 +212,23 @@ rules:
   - nodes/stats
   verbs:
   - get
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get
 - apiGroups:
   - "batch"
   resources:
   - jobs
+  - cronjobs
+  verbs:
+  - "get"
+  - "list"
+  - "watch"
+- apiGroups:
+  - "storage.k8s.io"
+  resources:
+  - storageclasses
   verbs:
   - "get"
   - "list"

config/recipes/elastic-agent/kubernetes-integration.yaml

@@ -161,13 +161,33 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - "apps"
+  resources:
+  - statefulsets
+  - deployments
+  - replicasets
+  - daemonsets
+  verbs:
+  - "get"
+  - "list"
+  - "watch"
 - apiGroups: ["batch"]
   resources:
   - jobs
+  - cronjobs
   verbs:
   - get
   - list
   - watch
+- apiGroups:
+  - "storage.k8s.io"
+  resources:
+  - storageclasses
+  verbs:
+  - "get"
+  - "list"
+  - "watch"
 ---
 apiVersion: v1
 kind: ServiceAccount

deploy/eck-stack/charts/eck-agent/templates/tests/elastic-agent-cluster-role_test.yaml

@@ -83,6 +83,7 @@ tests:
           - statefulsets
           - deployments
           - replicasets
+          - daemonsets
       - equal:
           path: rules[4].verbs
           value:
@@ -101,14 +102,15 @@ tests:
           value:
           - get
       - equal:
-          path: rules[6].apiGroups[0]
+          path: rules[7].apiGroups[0]
           value: batch
       - equal:
-          path: rules[6].resources
+          path: rules[7].resources
           value:
           - jobs
+          - cronjobs
       - equal:
-          path: rules[6].verbs
+          path: rules[7].verbs
           value:
           - get
           - list

deploy/eck-stack/charts/eck-agent/values.yaml

@@ -163,6 +163,7 @@ clusterRole:
     - statefulsets
     - deployments
     - replicasets
+    - daemonsets
     verbs:
     - "get"
     - "list"
@@ -173,11 +174,24 @@ clusterRole:
     - nodes/stats
     verbs:
     - get
+  - nonResourceURLs:
+    - "/metrics"
+    verbs:
+    - get
   - apiGroups:
     - "batch"
     resources:
     - jobs
+    - cronjobs
     verbs:
     - "get"
     - "list"
     - "watch"
+  - apiGroups:
+    - "storage.k8s.io"
+    resources:
+    - storageclasses
+    verbs:
+    - "get"
+    - "list"
+    - "watch"