add basic external secrets CRDS

Signed-off-by: Roi Glinik <groi.tech@gmail.com>

Author: RoiGlinik

docs/setup-robusta/crds.rst

@@ -92,14 +92,15 @@ Robusta includes read-only permissions for common Kubernetes operators and tools
 
     runner:
       crdPermissions:
-        argo: true        # Argo CD, Argo Workflows, Argo Rollouts
-        flux: true        # Flux CD (GitOps toolkit)
-        kafka: true       # Strimzi Kafka
-        keda: true        # KEDA autoscaler
-        crossplane: true  # Crossplane
-        istio: true       # Istio service mesh
-        gatewayApi: true  # Kubernetes Gateway API
-        velero: true      # Velero backup/restore
+        argo: true             # Argo CD, Argo Workflows, Argo Rollouts
+        flux: true             # Flux CD (GitOps toolkit)
+        kafka: true            # Strimzi Kafka
+        keda: true             # KEDA autoscaler
+        crossplane: true       # Crossplane
+        istio: true            # Istio service mesh
+        gatewayApi: true       # Kubernetes Gateway API
+        velero: true           # Velero backup/restore
+        externalSecrets: true  # External Secrets Operator
 
 
 Applying the Configuration

helm/robusta/templates/runner-service-account.yaml

@@ -529,6 +529,20 @@ rules:
     - list
     - watch
 {{- end }}
+{{- if .Values.runner.crdPermissions.externalSecrets }}
+  # External Secrets Operator
+  - apiGroups:
+    - external-secrets.io
+    resources:
+    - externalsecrets
+    - secretstores
+    - clustersecretstores
+    - clusterexternalsecrets
+    verbs:
+    - get
+    - list
+    - watch
+{{- end }}
 
 ---
 apiVersion: v1

helm/robusta/values.yaml

@@ -749,6 +749,7 @@ runner:
     istio: true
     gatewayApi: true
     velero: true
+    externalSecrets: true
 
 kube-prometheus-stack:
   alertmanager: