Add cert-rotation script into cno

update install-cni script to match whereabouts bin so that we get cert
rotatation in openshift

we have to break the tokenwatcher section of the whereabouts script out
because it was running in an init container, so it would never
"complete", hanging the rollout

to accomplish this I created a new whereabouts watcher ds to house this
section of the script

Signed-off-by: Benjamin Pickard <[email protected]>
(cherry picked from commit 6e82842)

Author: bpickard22

bindata/network/multus/002-rbac.yaml

@@ -230,26 +230,32 @@ kind: ClusterRole
 metadata:
   name: whereabouts-cni
 rules:
-- apiGroups:
-  - whereabouts.cni.cncf.io
+- apiGroups: ["whereabouts.cni.cncf.io"]
   resources:
-  - ippools
-  - overlappingrangeipreservations
-  - nodesliceippools
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
+  - "nodeslicepools"
+  - "nodeslicepools/status"
+  - "nodeslicepools/finalizers"
+  - "ippools"
+  - "overlappingrangeipreservations"
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
 - apiGroups: [""]
   resources:
   - pods
-  verbs:
-  - list
-
+  - nodes
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["k8s.cni.cncf.io"]
+  resources:
+  - "network-attachment-definitions"
+  - "network-attachment-definitions/finalizers"
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["", "events.k8s.io"]
+  resources:
+  - events
+  verbs: ["create", "patch", "update"]
+- apiGroups: ["coordination.k8s.io"]
+  resources:
+  - leases
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role