search

kubeedge / kubeedge

Kubernetes Native Edge Computing Framework (project under CNCF)
https://kubeedge.io
Apache License 2.0
6.69k stars 1.71k forks source link

Bug: Unnecessary permissions #5647

Open Yseona opened 4 months ago

Yseona commented 4 months ago

Hi community!

I just found that the Deployment cloudcore in the charts has update verb of the pods resource and create/update verb of the services resource(aggregation_rbac_cloudcore.yaml). However, after reading the source code of cloudcore, I didn't find any Kubernetes API usages that require these permissions. Therefore, for security reasons, I suggest checking these permissions to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permission or other feasible methods.

To Reproduce

Use helm chart with default values.

Shelley-BaoYue commented 3 months ago

Thanks for your suggestions! Would you like help us to modify it?