The https://github.com/kubernetes-sigs/node-readiness-controller/blob/main/docs/book/src/operations/security.md is covering the Node Condition reporting and explain permissions required by the "agent".
However, there is another backdoor escalation of privileges thru the creation of CRDs. If permissions needed to create configuration (NodeReadinessRule) to remove certain taint is lower than permissions needed to remove the taint from the Node, it needs to be articulated.
The https://github.com/kubernetes-sigs/node-readiness-controller/blob/main/docs/book/src/operations/security.md is covering the Node Condition reporting and explain permissions required by the "agent".
However, there is another backdoor escalation of privileges thru the creation of CRDs. If permissions needed to create configuration (NodeReadinessRule) to remove certain taint is lower than permissions needed to remove the taint from the Node, it needs to be articulated.