From 749abfbe28bb1dc0aaef932286b46e64ae14bcf9 Mon Sep 17 00:00:00 2001
From: Deepanshu Agrawal <deagraw@microsoft.com>
Date: Thu, 14 Jan 2021 23:50:04 +0530
Subject: [PATCH] new yaml files

---
 .../clusteruser/cluster-user-role-binding.yaml     | 12 ++++++++++++
 .../onboarding/clusteruser/cluster-user-role.yaml  | 14 ++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 scripts/onboarding/clusteruser/cluster-user-role-binding.yaml
 create mode 100644 scripts/onboarding/clusteruser/cluster-user-role.yaml

diff --git a/scripts/onboarding/clusteruser/cluster-user-role-binding.yaml b/scripts/onboarding/clusteruser/cluster-user-role-binding.yaml
new file mode 100644
index 000000000..fce2fc582
--- /dev/null
+++ b/scripts/onboarding/clusteruser/cluster-user-role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: containerHealth-read-logs-global
+roleRef:
+  kind: ClusterRole
+  name: containerHealth-log-reader
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: User
+    name: clusterUser
+    apiGroup: rbac.authorization.k8s.io
diff --git a/scripts/onboarding/clusteruser/cluster-user-role.yaml b/scripts/onboarding/clusteruser/cluster-user-role.yaml
new file mode 100644
index 000000000..b3519fdd3
--- /dev/null
+++ b/scripts/onboarding/clusteruser/cluster-user-role.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: containerHealth-log-reader
+rules:
+  - apiGroups: ["", "metrics.k8s.io", "extensions", "apps"]
+    resources:
+      - "pods/log"
+      - "events"
+      - "nodes"
+      - "pods"
+      - "deployments"
+      - "replicasets"
+    verbs: ["get", "list"]