From a1fcb5dba74f25c6d203176c57305263bddc7f02 Mon Sep 17 00:00:00 2001
From: Michael Wolf <michael.wolf@elastic.co>
Date: Thu, 19 Jan 2023 19:50:33 +0000
Subject: [PATCH] Add storageclasses permissions to elastic-defend template
 (#38)

Add get, list, watch permissions for storageclasses in kubernetes managed agent manifest, which are required for the agent to monitor these resources

This ports the change from the agent kubernetes templates: elastic/elastic-agent#1470

Closes #35
---
 releases/8.5.0/kubernetes/deploy/elastic-defend.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/releases/8.5.0/kubernetes/deploy/elastic-defend.yaml b/releases/8.5.0/kubernetes/deploy/elastic-defend.yaml
index ced2270..2ef6dfd 100644
--- a/releases/8.5.0/kubernetes/deploy/elastic-defend.yaml
+++ b/releases/8.5.0/kubernetes/deploy/elastic-defend.yaml
@@ -290,6 +290,10 @@ rules:
     resources:
       - podsecuritypolicies
     verbs: ["get", "list", "watch"]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources:
+      - storageclasses
+    verbs: [ "get", "list", "watch" ]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role