add docs for RBAC requirements

gentele · gentele · commit 221b431f46a1 · 2018-09-21T14:27:52.000+02:00
diff --git a/docs/docs/advanced/rbac.md b/docs/docs/advanced/rbac.md
@@ -0,0 +1,60 @@
+---
+title: RBAC / Permissions
+---
+
+To start Tiller within your cluster, you need to ensure that your Kubernetes user must be admin in all namespaces that you are using and that your user has the permission to create ClusterRoles and ClusterRoleBindings in the namespace for the tiller release.
+
+If you run into permission errors, please create the following resources in your cluster:
+
+Role:
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: devspace-user
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  - roles
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+```
+
+RoleBinding (make sure to replace $USERNAME within the last line):
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: devspace-user-binding
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: devspace-user
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: $USERNAME
+```
