Karmada will generate a ClusterRole with super high privileges when joining a member cluster in Push mode, which brings security risk into the member cluster. Can we minimize the privileges of this ClusterRole instead of '*'?
```
k -n karmada-cluster get clusterroles karmada-controller-manager:xx -oyaml
```

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: karmada-controller-manager:xx
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - get
```
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
Karmada version:
kubectl-karmada or karmadactl version (the result of kubectl-karmada version or karmadactl version):
Others:
@NickYadance Could you describe what security risk might arise? This ClusterRole is used for the control plane to connect to the member clusters. For the control plane, it needs all permissions on the member clusters to manage their resources.
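An added example (not part of the issue thread or of Karmada's code): a small audit of the ClusterRole quoted in the issue, flagging wildcard grants and privilege-escalation verbs. The function name `audit_cluster_role`, the severity labels, and the narrowed comparison role are assumptions made for illustration.

```python
import json

# RBAC verbs that let a subject raise its own privileges even without '*'.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}

def audit_cluster_role(role):
    """Return (rule_index, severity, detail) findings for one ClusterRole dict.

    `role` is the object printed by `kubectl get clusterrole NAME -o json`.
    The severity labels are this example's own convention.
    """
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        verbs = set(rule.get("verbs") or [])
        if rule.get("nonResourceURLs"):
            # Non-resource rules (e.g. /healthz, /metrics) carry no apiGroups.
            if "*" in rule["nonResourceURLs"]:
                sev = "high" if verbs & {"*", "post", "put", "delete"} else "low"
                findings.append((i, sev, "all nonResourceURLs, verbs=" + ",".join(sorted(verbs))))
            continue
        wild = [k for k in ("apiGroups", "resources", "verbs") if "*" in (rule.get(k) or [])]
        if len(wild) == 3:
            findings.append((i, "critical", "every verb on every resource in every API group"))
        elif wild:
            findings.append((i, "high", "wildcard in " + ", ".join(wild)))
        risky = verbs & ESCALATION_VERBS
        if risky:
            findings.append((i, "high", "escalation verbs: " + ", ".join(sorted(risky))))
    return findings

# Constructed input: the ClusterRole quoted in the issue, in JSON form.
ISSUE_ROLE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "karmada-controller-manager:xx"},
 "rules": [
  {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
  {"nonResourceURLs": ["*"], "verbs": ["get"]}]}
""")

# Constructed input: a hypothetical narrowed role, for comparison only.
NARROWED_ROLE = {"kind": "ClusterRole", "metadata": {"name": "example-narrowed"}, "rules": [
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "watch", "update"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"], "verbs": ["bind"]},
]}

if __name__ == "__main__":
    for role in (ISSUE_ROLE, NARROWED_ROLE):
        for idx, sev, detail in audit_cluster_role(role):
            print(role["metadata"]["name"], idx, sev, detail)
```

The second sample shows why replacing `'*'` alone is not sufficient: a role with explicit resources can still carry an escalation verb such as `bind`.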