u/AbilityAwkward5372

I’ve been looking at a few Kubernetes manifests (like demo apps and metrics setups), and noticed a pattern:

some configurations end up requiring cluster-admin or elevated permissions to modify or fully reverse later — especially around RBAC bindings and service accounts.

Not necessarily wrong, but it creates a kind of “operational dependency” on higher privilege.

Curious how people here think about this:

• do you actively design for reversibility / least privilege later?
• or is this just an accepted tradeoff in most setups?

Trying to understand how common this is in real-world clusters.