Add rbac permission for argocd to allow creating resources (#9130)

Co-authored-by: rrajashe <[email protected]>

Author: raks-tt

components/monitoring/logging/staging/base/dynatrace-operator/dynatrace-maintainers.yaml

@@ -0,0 +1,53 @@
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: dynatrace-maintainers
+  namespace: dynatrace
+subjects:
+  - kind: Group
+    name: konflux-o11y
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: component-maintainer
+---
+# Role for ArgoCD to manage DynaKube resources in dynatrace namespace
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: dynakube-manager
+  namespace: dynatrace
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+rules:
+  - apiGroups:
+      - dynatrace.com
+    resources:
+      - dynakubes
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+---
+# RoleBinding to grant remote-argocd service account permissions to manage DynaKube resources
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: grant-argocd-dynakube-permissions
+  namespace: dynatrace
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: dynakube-manager
+subjects:
+  - kind: ServiceAccount
+    name: remote-argocd
+    namespace: remote-argocd
+

components/monitoring/logging/staging/base/dynatrace-operator/dynatrace-rbac.yaml

@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - dynatrace-operator.yaml
-- dynatrace-maintainers.yaml
+- dynatrace-rbac.yaml
 - dynakube-secret.yaml
 - dynakube.yaml