Audit and Minimize RBAC Permissions

[zhanggbj]

CAPV controllers currently appear to have Kubernetes RBAC permissions defined that are not strictly necessary for the controller's actual operational logic. These unused permissions introduce security concerns.

To adhere to the principle of least privilege, we should audit our existing cluster roles and bindings and trim them down to only the resources and verbs that are actively consumed by the controller processes.

[sbueringer]

Some examples are the */status permissions

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale