fix: Create RBAC structure for EPP etcd-less deployment [DYN-1729] (#5364)

Signed-off-by: Anna Tchernych <atchernych@nvidia.com>

recipes/llama-3-70b/vllm/agg/gaie/k8s-manifests/epp/deployment.yaml

@@ -67,6 +67,14 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
             - name: PLATFORM_NAMESPACE
               value: "$(POD_NAMESPACE)" # set to your dynamo platform namespace if different
             # if you want to use etcd enable this and remove the DYN_DISCOVERY_BACKEND env var

recipes/llama-3-70b/vllm/agg/gaie/k8s-manifests/rbac/cluster-role.yaml

@@ -17,15 +17,30 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: pod-read
 rules:
+# Gateway API inference resources
 - apiGroups: ["inference.networking.x-k8s.io"]
   resources: ["inferencepools"]
   verbs: ["get", "watch", "list"]
 - apiGroups: ["inference.networking.x-k8s.io"]
   resources: ["inferencemodels"]
   verbs: ["get", "watch", "list"]
+# Core resources for pod discovery
 - apiGroups: [""]
   resources: ["pods"]
   verbs: ["get", "watch", "list"]
+# Dynamo k8s service discovery - endpoints
+- apiGroups: [""]
+  resources: ["endpoints"]
+  verbs: ["get", "list", "watch"]
+# Dynamo k8s service discovery - endpointslices
+- apiGroups: ["discovery.k8s.io"]
+  resources: ["endpointslices"]
+  verbs: ["get", "list", "watch"]
+# Dynamo k8s service discovery - worker metadata CRs
+- apiGroups: ["nvidia.com"]
+  resources: ["dynamoworkermetadatas"]
+  verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
+# Authentication/authorization
 - apiGroups:
   - authentication.k8s.io
   resources: