Stop binding to cluster-admin for clusterrole

[Givemeurcookies]

TL;DR

Currently the helm chart binds to the "cluster-admin", this gives the controller access to every resource in the cluster which is excessive when it only manages some services and node labels. Why not simply bind to the required resources? Is there a reason why it needs cluster-admin?

Expected behavior

I expect the Helm chart template to be configured in such a way that it only binds to the required resources it needs to read/write/update.

[lukasmetzner]

I don't know what the historic reason is, why cluster-admin was chosen. If I have time, I will take a look at this and possibly create custom role for HCCM. In the meantime you can set rbac.create=false to prevent the role binding from being created. You can then bind your custom role to the HCCMs service account.