Problem Statement
RBAC permissions are still unnecessarily wide today in that pods and pod/exec are granted too broadly. This isn't necessary as the only Pod which needs to be created and exec'd into is the datamover Pod.
Solution Description
Reduce RBAC permissions for Pod creation and /exec subresource to only the datamover Pod.
Alternatives
No response
Additional Context
No response
Troubleshooting
Problem Statement
RBAC permissions are still unnecessarily wide today in that
podsandpod/execare granted too broadly. This isn't necessary as the only Pod which needs to be created and exec'd into is the datamover Pod.Solution Description
Reduce RBAC permissions for Pod creation and
/execsubresource to only the datamover Pod.Alternatives
No response
Additional Context
No response
Troubleshooting