rbac: replace wildcard with a clear list of allowed verbs (#6233)

Signed-off-by: zhangzujian <zhangzujian.7@gmail.com>

Author: zhangzujian

charts/kube-ovn-v2/templates/rbac/ovn-CR.yaml

@@ -51,7 +51,13 @@ rules:
       - qos-policies
       - qos-policies/status
     verbs:
-      - "*"
+      - create
+      - get
+      - list
+      - update
+      - patch
+      - watch
+      - delete
   - apiGroups:
       - ""
     resources:
@@ -166,7 +172,11 @@ rules:
     resources:
       - leases
     verbs:
-      - "*"
+      - create
+      - update
+      - patch
+      - get
+      - watch
   - apiGroups:
       - "kubevirt.io"
     resources:

charts/kube-ovn/templates/ovn-CR.yaml

@@ -51,7 +51,13 @@ rules:
       - qos-policies
       - qos-policies/status
     verbs:
-      - "*"
+      - create
+      - get
+      - list
+      - update
+      - patch
+      - watch
+      - delete
   - apiGroups:
       - ""
     resources:
@@ -166,7 +172,11 @@ rules:
     resources:
       - leases
     verbs:
-      - "*"
+      - create
+      - update
+      - patch
+      - get
+      - watch
   - apiGroups:
       - "kubevirt.io"
     resources:

dist/images/install.sh

@@ -3918,7 +3918,13 @@ rules:
       - qos-policies
       - qos-policies/status
     verbs:
-      - "*"
+      - create
+      - get
+      - list
+      - update
+      - patch
+      - watch
+      - delete
   - apiGroups:
       - ""
     resources:
@@ -4033,7 +4039,11 @@ rules:
     resources:
       - leases
     verbs:
-      - "*"
+      - create
+      - update
+      - patch
+      - get
+      - watch
   - apiGroups:
       - "kubevirt.io"
     resources: