I just found that the Deployment cloudcore in the charts has update verb of the pods resource and create/update verb of the services resource(aggregation_rbac_cloudcore.yaml). However, after reading the source code of cloudcore, I didn't find any Kubernetes API usages that require these permissions. Therefore, for security reasons, I suggest checking these permissions to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permission or other feasible methods.
Hi community!
I just found that the Deployment cloudcore in the charts has
update
verb of thepods
resource andcreate/update
verb of theservices
resource(aggregation_rbac_cloudcore.yaml). However, after reading the source code of cloudcore, I didn't find any Kubernetes API usages that require these permissions. Therefore, for security reasons, I suggest checking these permissions to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permission or other feasible methods.To Reproduce
Use helm chart with default values.