CAPV controllers currently appear to have Kubernetes RBAC permissions defined that are not strictly necessary for the controller's actual operational logic. These unused permissions introduce security concerns.
To adhere to the principle of least privilege, we should audit our existing cluster roles and bindings and trim them down to only the resources and verbs that are actively consumed by the controller processes.
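One way to run the audit described above, shown as an added example that is not CAPV's own code: diff the rules a ClusterRole grants against the requests the controller's service account actually made according to Kubernetes audit log events. The service account name, the role rules and the audit lines are constructed sample data, and the function names are hypothetical.

```python
import json

SA = "system:serviceaccount:capv-system:example-manager"  # constructed name
INFRA = "infrastructure.cluster.x-k8s.io"

# Constructed PolicyRule entries, shaped like the rules of a ClusterRole.
ROLE_RULES = [
    {"apiGroups": [""], "resources": ["secrets"],
     "verbs": ["get", "list", "watch", "create", "delete"]},
    {"apiGroups": [INFRA], "resources": ["vspheremachines", "vspheremachines/status"],
     "verbs": ["get", "patch"]},
]

# Constructed audit.k8s.io/v1 events (Metadata level), one JSON object per line.
AUDIT_LINES = [
    '{"user":{"username":"%s"},"verb":"get","objectRef":{"resource":"secrets"}}' % SA,
    '{"user":{"username":"%s"},"verb":"list","objectRef":{"resource":"secrets"}}' % SA,
    '{"user":{"username":"%s"},"verb":"watch","objectRef":{"resource":"secrets"}}' % SA,
    '{"user":{"username":"%s"},"verb":"get","objectRef":{"apiGroup":"%s","resource":"vspheremachines"}}' % (SA, INFRA),
    '{"user":{"username":"%s"},"verb":"patch","objectRef":{"apiGroup":"%s","resource":"vspheremachines","subresource":"status"}}' % (SA, INFRA),
    '{"user":{"username":"%s"},"verb":"get","requestURI":"/healthz"}' % SA,
    '{"user":{"username":"kubernetes-admin"},"verb":"delete","objectRef":{"resource":"secrets"}}',
]

def granted(rules):
    """Expand PolicyRules into (apiGroup, resource, verb) tuples."""
    return {(g, r, v) for rule in rules for g in rule["apiGroups"]
            for r in rule["resources"] for v in rule["verbs"]}

def observed(lines, username):
    """Collect (apiGroup, resource, verb) tuples requested by one user."""
    seen = set()
    for line in lines:
        ev = json.loads(line)
        ref = ev.get("objectRef")
        if ev.get("user", {}).get("username") != username or not ref:
            continue  # other identity, or a non-resource request
        res = ref["resource"]
        if ref.get("subresource"):  # RBAC spells subresources "resource/sub"
            res += "/" + ref["subresource"]
        seen.add((ref.get("apiGroup", ""), res, ev["verb"]))  # core group is ""
    return seen

def matches(grant, use):
    """A grant covers a request if each field is equal or the grant is '*'."""
    return all(g == "*" or g == u for g, u in zip(grant, use))

def unused_grants(rules, lines, username):
    """Grants no observed request exercised. A wildcard grant counts as used
    once anything matches it, so wildcards still need a manual review."""
    seen = observed(lines, username)
    return sorted(g for g in granted(rules) if not any(matches(g, u) for u in seen))
```

The result is only as complete as the audit window: a permission used solely on a rare path (cluster deletion, failure recovery) looks unused unless that path ran while audit logging covered it, so treat the output as candidates for removal to confirm against the controller code.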