in_kubernetes_events: add k8s permission details (#1396)

* in_kubernetes_events: add k8s permission details
fluent/fluent-bit#8351

Signed-off-by: ryanohnemus <ryanohnemus@gmail.com>

* Update pipeline/inputs/kubernetes-events.md

Co-authored-by: Adam Locke <adam.locke@chronosphere.io>
Signed-off-by: Ryan Ohnemus <ryanohnemus@users.noreply.github.com>

* Update pipeline/inputs/kubernetes-events.md

Co-authored-by: Adam Locke <adam.locke@chronosphere.io>
Signed-off-by: Ryan Ohnemus <ryanohnemus@users.noreply.github.com>

* Add hard return to break section

Signed-off-by: Adam Locke <adam.locke@chronosphere.io>

---------

Signed-off-by: ryanohnemus <ryanohnemus@gmail.com>
Signed-off-by: Ryan Ohnemus <ryanohnemus@users.noreply.github.com>
Signed-off-by: Adam Locke <adam.locke@chronosphere.io>
Co-authored-by: Adam Locke <adam.locke@chronosphere.io>

pipeline/inputs/kubernetes-events.md

@@ -14,8 +14,8 @@ Kubernetes exports it events through the API server. This input plugin allows to
 |---------------------|---------------------------------------------------------------------------------------|------------------------------------------------------|
 | db                  | Set a database file to keep track of recorded Kubernetes events                       |                                                      |
 | db.sync             | Set a database sync method. values: extra, full, normal and off                       | normal                                               |
-| interval_sec        | Set the polling interval for each channel.                                            | 0                                                    |
-| interval_nsec       | Set the polling interval for each channel (sub seconds: nanoseconds)                  | 500000000                                            | 
+| interval_sec        | Set the reconnect interval (seconds)*                                                 | 0                                                    |
+| interval_nsec       | Set the reconnect interval (sub seconds: nanoseconds)*                                | 500000000                                            |
 | kube_url            | API Server end-point                                                                  | https://kubernetes.default.svc                       |
 | kube_ca_file        | Kubernetes TLS CA file                                                                | /var/run/secrets/kubernetes.io/serviceaccount/ca.crt |
 | kube_ca_path        | Kubernetes TLS ca path                                                                |                                                      |
@@ -28,8 +28,18 @@ Kubernetes exports it events through the API server. This input plugin allows to
 | tls.verify          | Enable or disable verification of TLS peer certificate.                               | On                                                   |
 | tls.vhost           | Set optional TLS virtual host.                                                        |                                                      |
 
+
+- _* As of Fluent-Bit 3.1, this plugin uses a Kubernetes watch stream instead of polling. In versions before 3.1, the interval parameters are used for reconnecting the Kubernetes watch stream._
+
+
 ## Getting Started
 
+### Kubernetes Service Account
+The Kubernetes service account used by Fluent Bit must have `get`, `list`, and `watch`
+permissions to `namespaces` and `pods` for the namespaces watched in the
+`kube_namespace` configuration parameter. If you're using the helm chart to configure
+Fluent Bit, this role is included.
+
 ### Simple Configuration File
 
 In the following configuration file, the input plugin *kubernetes_events* collects events every 5 seconds (default for *interval_nsec*) and exposes them through the [standard output plugin](../outputs/standard-output.md) on the console.