Helm chart: RBAC Wildcard In Rule

[blsho]

KICS scan reports high vulnerability (risk score 8.4) RBAC Wildcard In Rule when it scans templated external-dns chart to kubernetes manifest files.

Reference: https://docs.kics.io/latest/queries/kubernetes-queries/6b896afb-ca07-467a-b256-1a0077a1c08e/

Location: https://github.com/kubernetes-sigs/external-dns/blob/v0.21.0/charts/external-dns/templates/clusterrole.yaml#L61

What would you like to be added:

Explicitly name verbs which are needed for dnsendpoints/status resource.

Why is this needed:

security, to pass KICS scans.

[ivankatliarchuk]

Not a vulnerability but a good practice. What I could suggest - clone helm chart and configure based on company security policiees