Bug: Remove unnecessary permissions in Helm Charts

[Yseona]

trafficstars

Hi community!

I just found that the Deployment contour in the charts has both list and get verbs for the secrets resource (contour.yaml). However, after reading the source code of contour, I didn't find any Kubernetes API usages that require list secrets permissions. If a malicious user gets the service account token, they can list all the names of the secrets, and with the name, they can get the details of all the secrets objects (since this is declared in a ClusterRole). Therefore, for security reasons, I suggest checking this permission to determine if it is truly unnecessary. If it is, the issue should be fixed by removing the unnecessary permission or by other feasible methods.