[CONTINT-4500] Add EKS Clusterrole Rule for EKS control plane metrics

internal/controller/datadogagent/feature/enabledefault/rbac.go

@@ -26,6 +26,7 @@ func getDefaultAgentClusterRolePolicyRules(excludeNonResourceRules bool) []rbacv
 		getKubeletPolicyRule(),
 		getEndpointsPolicyRule(),
 		getLeaderElectionPolicyRule(),
+		getEKSControlPlaneMetricsPolicyRule(),
 	}
 
 	if !excludeNonResourceRules {
@@ -35,6 +36,19 @@ func getDefaultAgentClusterRolePolicyRules(excludeNonResourceRules bool) []rbacv
 	return policyRule
 }
 
+func getEKSControlPlaneMetricsPolicyRule() rbacv1.PolicyRule {
+	return rbacv1.PolicyRule{
+		APIGroups: []string{rbac.EKSMetricsAPIGroup},
+		Resources: []string{
+			rbac.EKSKubeControllerManagerMetrics,
+			rbac.EKSKubeSchedulerMetrics,
+		},
+		Verbs: []string{
+			rbac.GetVerb,
+		},
+	}
+}
+
 func getMetricsEndpointPolicyRule() rbacv1.PolicyRule {
 	return rbacv1.PolicyRule{
 		NonResourceURLs: []string{
@@ -286,6 +300,8 @@ func getDefaultClusterChecksRunnerClusterRolePolicyRules(dda metav1.Object, excl
 				rbac.GetVerb,
 			},
 		},
+		// EKS kube_scheduler and kube_controller_manager control plane metrics
+		getEKSControlPlaneMetricsPolicyRule(),
 	}
 
 	if !excludeNonResourceRules {

pkg/kubernetes/rbac/const.go

@@ -30,6 +30,7 @@ const (
 	RbacAPIGroup             = "rbac.authorization.k8s.io"
 	RegistrationAPIGroup     = "apiregistration.k8s.io"
 	StorageAPIGroup          = "storage.k8s.io"
+	EKSMetricsAPIGroup       = "metrics.eks.amazonaws.com"
 
 	// Resources
 
@@ -85,7 +86,8 @@ const (
 	VolumeAttachments                   = "volumeattachments"
 	VPAResource                         = "verticalpodautoscalers"
 	WpaResource                         = "watermarkpodautoscalers"
-
+	EKSKubeControllerManagerMetrics     = "kcm/metrics"
+	EKSKubeSchedulerMetrics             = "ksh/metrics"
 	// Non resource URLs
 
 	HealthzURL     = "/healthz"