review: don't use * for rbac in notebooks-controller

Author: kimwnasptd

components/notebook-controller/config/rbac/role.yaml

@@ -39,7 +39,11 @@ rules:
   resources:
   - httproutes
   verbs:
-  - '*'
+  - create
+  - get
+  - list
+  - update
+  - watch
 - apiGroups:
   - kubeflow.org
   resources:

components/notebook-controller/controllers/notebook_controller.go

@@ -88,7 +88,7 @@ type NotebookReconciler struct {
 // +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs="*"
 // +kubebuilder:rbac:groups=kubeflow.org,resources=notebooks;notebooks/status;notebooks/finalizers,verbs="*"
 // +kubebuilder:rbac:groups="networking.istio.io",resources=virtualservices,verbs="*"
-// +kubebuilder:rbac:groups="gateway.networking.k8s.io",resources=httproutes,verbs="*"
+// +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=httproutes,verbs=get;list;watch;create;update
 
 func (r *NotebookReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := r.Log.WithValues("notebook", req.NamespacedName)