From 764e2df628be9634976f4eaa2943bcf94d87a9b7 Mon Sep 17 00:00:00 2001
From: akash patro <aptro@users.noreply.github.com>
Date: Sat, 12 Jun 2021 21:41:34 +0530
Subject: [PATCH] fix: permission resource lease for API group
 "coordination.k8s.io"

This config fixes the issue. Tested on EKS, 1.19.
error retrieving resource lock kube-system/elastic-agent-cluster-leader: leases.coordination.k8s.io "elastic-agent-cluster-leader" is forbidden: User "system:serviceaccount:kube-system:agent-ingest-management" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"
---
 deploy/kubernetes/elastic-agent-kubernetes.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/deploy/kubernetes/elastic-agent-kubernetes.yaml b/deploy/kubernetes/elastic-agent-kubernetes.yaml
index dae375c8e7f..f05e58982e8 100644
--- a/deploy/kubernetes/elastic-agent-kubernetes.yaml
+++ b/deploy/kubernetes/elastic-agent-kubernetes.yaml
@@ -135,6 +135,15 @@ rules:
       - "/metrics"
     verbs:
       - get
+  - apiGroups:
+    - coordination.k8s.io
+    resources:
+    - leases
+    verbs:
+    - create
+    - get
+    - list
+    - update
 ---
 apiVersion: v1
 kind: ServiceAccount