feat: support using user-created serviceAccount and clusterRole

deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml

@@ -11,8 +11,6 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    eck.k8s.elastic.co/license: basic
 ---
 # Source: elastic-agent/templates/agent/service-account.yaml
 apiVersion: v1
@@ -26,8 +24,6 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    eck.k8s.elastic.co/license: basic
 ---
 # Source: elastic-agent/templates/agent/service-account.yaml
 apiVersion: v1
@@ -41,8 +37,6 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    eck.k8s.elastic.co/license: basic
 ---
 # Source: elastic-agent/templates/agent/eck/secret.yaml
 apiVersion: v1
@@ -573,8 +567,6 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    eck.k8s.elastic.co/license: basic
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group
     resources:
@@ -698,8 +690,6 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    eck.k8s.elastic.co/license: basic
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group
     resources:
@@ -932,8 +922,6 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    eck.k8s.elastic.co/license: basic
 rules:
   - apiGroups: [ "" ] # "" indicates the core API group
     resources:
@@ -1015,8 +1003,6 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    eck.k8s.elastic.co/license: basic
 subjects:
   - kind: ServiceAccount
     name: agent-clusterwide-example
@@ -1037,8 +1023,6 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    eck.k8s.elastic.co/license: basic
 subjects:
   - kind: ServiceAccount
     name: agent-ksmsharded-example
@@ -1059,8 +1043,6 @@ metadata:
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: 9.0.0
     app.kubernetes.io/managed-by: Helm
-  annotations:
-    eck.k8s.elastic.co/license: basic
 subjects:
   - kind: ServiceAccount
     name: agent-pernode-example

deploy/helm/elastic-agent/examples/nginx-custom-integration/agent-nginx-values.yaml

@@ -36,31 +36,35 @@ agent:
       mode: deployment
       securityContext:
         runAsUser: 0
-      rules:
-        # minimum cluster role ruleset required by agent
-        - apiGroups: [ "" ]
-          resources:
-            - nodes
-            - namespaces
-            - pods
-          verbs:
-            - get
-            - watch
-            - list
-        - apiGroups: [ "apps" ]
-          resources:
-            - replicasets
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups: [ "batch" ]
-          resources:
-            - jobs
-          verbs:
-            - get
-            - list
-            - watch
+      serviceAccount:
+        create: true
+      clusterRole:
+        create: true
+        rules:
+          # minimum cluster role ruleset required by agent
+          - apiGroups: [ "" ]
+            resources:
+              - nodes
+              - namespaces
+              - pods
+            verbs:
+              - get
+              - watch
+              - list
+          - apiGroups: [ "apps" ]
+            resources:
+              - replicasets
+            verbs:
+              - get
+              - list
+              - watch
+          - apiGroups: [ "batch" ]
+            resources:
+              - jobs
+            verbs:
+              - get
+              - list
+              - watch
       providers:
         kubernetes_leaderelection:
           enabled: false

deploy/helm/elastic-agent/examples/user-cluster-role/README.md

@@ -0,0 +1,30 @@
+# Example: Kubernetes Integration with User-created service account
+
+In this example we install the built-in `kubernetes` integration with the default built-in values, including the use of a user-created service account.
+
+## Prerequisites:
+1. A k8s secret that contains the connection details to an Elasticsearch cluster such as the URL and the API key ([Kibana - Creating API Keys](https://www.elastic.co/guide/en/kibana/current/api-keys.html)):
+    ```console
+    kubectl create secret generic es-api-secret \
+       --from-literal=api_key=... \
+       --from-literal=url=...
+    ```
+
+2. `kubernetes` integration assets installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html))
+
+3. A k8s service account
+    ```console
+    kubectl create serviceaccount user-sa
+    ```
+
+## Run:
+```console
+helm install elastic-agent ../../ \
+     -f ./agent-kubernetes-values.yaml \
+     --set outputs.default.type=ESSecretAuthAPI \
+     --set outputs.default.secretName=es-api-secret
+```
+
+## Validate:
+
+1. The Kibana `kubernetes`-related dashboards should start showing up the respective info.

deploy/helm/elastic-agent/examples/user-cluster-role/agent-kubernetes-values.yaml

@@ -0,0 +1,18 @@
+kubernetes:
+  enabled: true
+
+agent:
+  unprivileged: true
+  presets:
+    perNode:
+      serviceAccount:
+        create: false
+        name: user-sa
+    clusterWide:
+      serviceAccount:
+        create: false
+        name: user-sa
+    ksmSharded:
+      serviceAccount:
+        create: false
+        name: user-sa