Kubernetes configuration to allow Azure Monitor to collect logs.

With this additional ClusterRole and ClusterRoleBinding, Azure Monitor
will receive the aggregate logs from our application containers.

deploy/azure/azure_monitor_rbac.yml

@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+   name: containerHealth-log-reader
+rules:
+   - apiGroups: [""]
+     resources: ["pods/log", "events"]
+     verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+   name: containerHealth-read-logs-global
+roleRef:
+    kind: ClusterRole
+    name: containerHealth-log-reader
+    apiGroup: rbac.authorization.k8s.io
+subjects:
+   - kind: User
+     name: clusterUser
+     apiGroup: rbac.authorization.k8s.io