From 366700d8f3593ad250be0aa0aa9b57948cfe70e6 Mon Sep 17 00:00:00 2001
From: Michael McCune <elmiko@redhat.com>
Date: Fri, 29 Apr 2022 13:55:36 -0400
Subject: [PATCH] update README with information about rbac changes

this adds more information about the rbac changes necessary for the
scale from zero support to work.
---
 .../cloudprovider/clusterapi/README.md        | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/cluster-autoscaler/cloudprovider/clusterapi/README.md b/cluster-autoscaler/cloudprovider/clusterapi/README.md
index 80d0208c9937..e807ac71ad85 100644
--- a/cluster-autoscaler/cloudprovider/clusterapi/README.md
+++ b/cluster-autoscaler/cloudprovider/clusterapi/README.md
@@ -204,6 +204,29 @@ metadata:
 This value is inspired by the Kubernetes best practices
 [Considerations for large clusters](https://kubernetes.io/docs/setup/best-practices/cluster-large/).
 
+#### RBAC changes for scaling from zero
+
+If you are using the opt-in support for scaling from zero as defined by the
+Cluster API infrastructure provider, you will need to add the infrastructure
+machine template types to your role permissions for the service account
+associated with the cluster autoscaler deployment. The service account will
+need permission to `get` and `list` the infrastructure machine templates for
+your infrastructure provider.
+
+For example, when using the [Kubemark provider](https://github.com/kubernetes-sigs/cluster-api-provider-kubemark)
+you will need to set the following permissions:
+
+```yaml
+rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    resources:
+    - kubemarkmachinetemplates
+    verbs:
+    - get
+    - list
+```
+
 ## Specifying a Custom Resource Group
 
 By default all Kubernetes resources consumed by the Cluster API provider will