Add clusterrole appuio:metrics-viewer

This clusterrole can be used to delegate access to the user-workload
monitoring metrics. By binding this clusterrole in a namespace it gives
the subjects access to all metrics in that namespace

class/defaults.yml

@@ -55,6 +55,12 @@ parameters:
               - edit
               - patch
               - delete
+      appuio:metrics-reader:
+        rules:
+          - apiGroups: ['']
+            resources: [pods]
+            verbs:
+              - get
 
     bypassNamespaceRestrictions:
       # Roles are not supported for the APPUiO Cloud Agent. Should be left empty.

tests/golden/defaults/appuio-cloud/appuio-cloud/10_additional_clusterroles.yaml

@@ -1,5 +1,23 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
+metadata:
+  annotations: {}
+  labels:
+    app.kubernetes.io/component: appuio-cloud
+    app.kubernetes.io/managed-by: commodore
+    app.kubernetes.io/name: appuio-cloud
+    name: appuio-metrics-reader
+  name: appuio:metrics-reader
+rules:
+  - apiGroups:
+      - ''
+    resources:
+      - pods
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
   annotations: {}
   labels: