[BUG]: Unnecessary RBAC permissions

[Yseona]

Checklist

• I've searched for similar issues and couldn't find anything matching
• I've included steps to reproduce the behavior

Affected Components

• K8sGPT (CLI)
• K8sGPT Operator

K8sGPT Version

v0.3.32

Kubernetes Version

No response

Host OS and its Version

No response

Steps to reproduce

Use chart with default values.

Expected behaviour

The bug is that the Deployment k8sgpt in the charts has both list and get verbs for the secrets resource (role.yaml). However, after reading the source code of k8sgpt, I didn't find any Kubernetes API usages that require list secrets permissions. If malicious users gain control of a Kubernetes node running a k8sgpt pod, they can list all the names of the secrets, and with the name, they can get the details of all the secrets objects (since this is declared in a ClusterRole).

Therefore, for security reasons, I suggest checking this permission to determine if it is truly unnecessary. If it is, the issue should be fixed by removing the unnecessary permission or other feasible methods.

Actual behaviour

No response

Additional Information

No response

[JuHyung-Son]

agree.

[michael12312]

Hi, I will work on this issue, and will raise a PR soon, Thanks!