What happened?
The bug is that the Deployment jaeger-operator in the charts has more RBAC permissions than it needs. The service account of jaeger-operator is bound to a role (role.yaml) with the following permissions:
create/delete/patch/update verbs on the pods/replicasets/statefulsets resources (Role)
get verb on the secrets resource (Role)
After reading the source code of jaeger-operator, I didn't find any Kubernetes API usage of these permissions. Besides, some of these unused permissions may have potential risks. For example, if malicious users gain control of a Kubernetes node running a jaeger-operator pod, they can use the create replicasets permission to create privileged containers with malicious container images.
Steps to reproduce
Use helm chart with default values.
Expected behavior
Therefore, these permissions should be rechecked to determine if they are truly unnecessary. If they are, the issue should be fixed by removing these unnecessary permissions or other feasible methods.
Relevant log output
No response
Screenshot
No response
Additional context
No response
Jaeger backend version
No response
SDK
No response
Pipeline
No response
Storage backend
No response
Operating system
No response
Deployment model
No response
Deployment configs
No response
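The recheck the report asks for can be automated. The following is an added example (not part of this issue, the jaeger-operator project or its Helm chart) that audits a Role as returned by `kubectl get role <name> -o json` for the verb/resource combinations named above and produces a narrowed copy. The Role content embedded below is constructed from the report's description; the chart's actual role.yaml is not reproduced here.

```python
import json

# Verb/resource pairs the report singles out as unused by the operator and risky:
# mutating verbs on workloads let a token holder launch arbitrary containers.
RISKY = {
    "pods": {"create", "delete", "patch", "update"},
    "replicasets": {"create", "delete", "patch", "update"},
    "statefulsets": {"create", "delete", "patch", "update"},
    "secrets": {"get", "list", "watch"},
}

def audit_role(role):
    """Return sorted (resource, verb) pairs granted by a Role/ClusterRole that
    appear in RISKY. A '*' verb or resource is expanded, since it grants all."""
    findings = set()
    for rule in role.get("rules", []):
        resources, verbs = set(rule.get("resources", [])), set(rule.get("verbs", []))
        for res, bad in RISKY.items():
            if res in resources or "*" in resources:
                hit = bad if "*" in verbs else verbs & bad
                findings.update((res, v) for v in hit)
    return sorted(findings)

def least_privilege(role):
    """Copy of the Role with RISKY verbs stripped; rules left with no verbs are
    dropped and unrelated rules (e.g. configmaps) are kept as-is."""
    out = {k: v for k, v in role.items() if k != "rules"}
    out["rules"] = []
    for rule in role.get("rules", []):
        if "*" in rule.get("verbs", []) or "*" in rule.get("resources", []):
            raise ValueError("wildcard rule: rewrite by hand, cannot be narrowed safely")
        bad = set().union(*(RISKY.get(r, set()) for r in rule.get("resources", [])))
        verbs = [v for v in rule.get("verbs", []) if v not in bad]
        if verbs:
            out["rules"].append({**rule, "verbs": verbs})
    return out

# Constructed Role modelled on the report's description of the chart's role.yaml
# (NOT the chart's real manifest). JSON is used because it is what
# `kubectl get role <name> -o json` emits and needs no extra library.
OVERBROAD_ROLE = json.loads("""{
 "kind": "Role", "metadata": {"name": "jaeger-operator", "namespace": "observability"},
 "rules": [
  {"apiGroups": ["", "apps"], "resources": ["pods", "replicasets", "statefulsets"],
   "verbs": ["get", "list", "watch", "create", "delete", "patch", "update"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
  {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list", "watch"]}]}""")

if __name__ == "__main__":
    for res, verb in audit_role(OVERBROAD_ROLE):
        print(f"unnecessary: {verb} {res}")
```

Running the audit again on the output of least_privilege should return no findings; wildcard rules are refused rather than silently narrowed, because `*` cannot be reduced without knowing the intended resource set.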