doc: add k8s rbac minimal config

docs/service-discovery/kubernetes.md

@@ -17,9 +17,47 @@ First, you need to add the Stork Kubernetes Service Discovery provider:
 </dependency>
 ```
 
-####A few words about server authentication. 
+#### A few words about server authentication. 
 Stork uses Fabric8 Kubernetes Client to access the Kubernetes resources, concretely the `DefaultKubernetesClient` implementation. It will try to read the ~/.kube/config file in your home directory and load information required for authenticating with the Kubernetes API server. If you are using DefaultKubernetesClient from inside a Pod, it will load ~/.kube/config from the ServiceAccount volume mounted inside the Pod. You can override this configuration if you want a more complex configuration.
 
+##### Role-based access control (RBAC)
+If you're using a Kubernetes cluster with RBAC enabled, the default permissions for a ServiceAccount don't allow it ot list or modify any resources. 
+A `ServiceAccount`, a `Role` and a `RoleBinding` will be needed in order to allow Stork to get/list service instances from the cluster. An example that allows listing all endpoints could look something like this:
+
+```yaml
+------
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: <appName>
+  namespace: <namespace>
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: <namespace>
+  name: <appname>
+rules:
+  - apiGroups: [""] # "" indicates the core API group
+    resources: ["endpoints"]
+    verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: <appname>
+  namespace: <namespace>
+subjects:
+  - kind: ServiceAccount
+    # Reference to upper's `metadata.name`
+    name: default
+    # Reference to upper's `metadata.namespace`
+    namespace: <namespace>
+roleRef:
+  kind: Role
+  name: <appname>
+  apiGroup: rbac.authorization.k8s.io
+```
 
 ## Configuration