Add instructions for setting ClusterRole permissions

The default ClusterRole created by kubebuilder does not include
all the requried permissions for the controllers to access the
cluster-api objects.

This PR adds additional instructions for setting these permissions.

Signed-off-by: Pablo Chacin <[email protected]>

docs/book/SUMMARY.md

@@ -23,6 +23,7 @@
 * [Register Schemes](provider_implementations/register_schemes.md)
 * [Create Actuators](provider_implementations/create_actuators.md)
 * [Register Controllers](provider_implementations/register_controllers.md)
+* [Customize Resources](provider_implementations/customize_resources.md)
 * [Building, Running, and Testing](provider_implementations/building_running_and_testing.md)
 
 ## Appendices

docs/book/provider_implementations/customize_resources.md

@@ -0,0 +1,56 @@
+# Customize Resources
+
+## Customize Cluster Role
+
+The `ClusterRole` created by `kubebuilder` in `config/rbac/rbac_role.yaml` 
+lacks the necessary permissions for the provider components to access the 
+cluster-api objects. Therefore it is necessary to add some additional rules.
+
+The following patch should be copied to the new file 
+`config/default/rbac_cluster_api_patch.yaml`
+
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: manager-role
+rules:
+- apiGroups:
+  - cluster.k8s.io
+  resources:
+  - clusters
+  - clusters/status
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - cluster.k8s.io
+  resources:
+  - machines
+  - machines/status
+  - machinedeployments
+  - machinedeployments/status
+  - machinesets
+  - machinesets/status
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+```
+
+And modify ``config/default/kustomization.yaml` adding the following entry 
+to `patches`:
+```yaml
+patches:
+- rbac_cluster_api_patch.yaml
+```
+