setup ci to run k8s tests

packages/k8s/README.md

@@ -6,7 +6,24 @@ This implementation provides a way to dynamically spin up jobs to run container
 ## Pre-requisites 
 Some things are expected to be set when using these hooks
 - The runner itself should be running in a pod, with a service account with the following permissions
-    - The `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER=true` should be set to true
+```
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: [""]
+  resources: ["pods/log"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+```
 - The `ACTIONS_RUNNER_POD_NAME` env should be set to the name of the pod
+- The `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` env should be set to true to prevent the runner from running any jobs outside of a container
 - The runner pod should map a persistent volume claim into the `_work` directory
-    - The `ACTIONS_RUNNER_CLAIM_NAME` should be set to the persistent volume claim that contains the runner's working directory
+    - The `ACTIONS_RUNNER_CLAIM_NAME` env should be set to the persistent volume claim that contains the runner's working directory
+- Some actions runner env's are expected to be set. These are set automatically by the runner.
+    - `RUNNER_WORKSPACE` is expected to be set to the workspace of the runner
+    - `GITHUB_WORKSPACE` is expected to be set to the workspace of the job