Required RBAC rights for Runner in k8s
On GKE with k8s clusters running 1.8+, legacy authorization is off by default and RBAC is on. We have an MR pending to create a service account with full rights, so Runner can properly work in this environment. However it would be ideal to restrict the access rights provided to what is actually required by the Runner so we don't grant overly broad access.
To that end, we need a list of the rights and resources required: https://kubernetes.io/docs/admin/authorization/rbac/#referring-to-resources