A cluster role for Kubernetes defines user permissions required to perform operations on a Kubernetes cluster.
You do not need permissions on the cluster to run the script for creating a cluster role because the
kubectl api-resources can be accessed by any account.
If you want to use a dedicated account to run the script, you can create a cluster role that has read-only permissions.
On the Kubernetes cluster or on the access node for Kubernetes, from the command line, run the command to create a Cluster Role for Kubernetes:
script_path [-t token -f output_yaml ]
token is the token of an account that has authorization to create the cluster role. The token is applied to the new cluster role.
output_yaml is the path of the output YAML file for the cluster role. If you do not specify the path, the script redirects output to stdout.
What to Do Next
If a new api-resource is added to the cluster, you must run the script and apply the most recent YAML file for the cluster role. Otherwise, application discovery fails.