Restrict create/delete verbs on nodes

Only few cloud providers actually need those verbs.

- create: kwok
- delete: kwok, huaweicloud

So, it would be better to restrict them to only those providers, following the principle of least privilege.

Signed-off-by: Mitsuo HEIJO <[email protected]>

Author: johejo

charts/cluster-autoscaler/templates/clusterrole.yaml

@@ -53,8 +53,12 @@ rules:
     verbs:
     - watch
     - list
+{{- if (eq .Values.cloudProvider "kwok") }}
     - create
+{{- end }}
+{{- if or (eq .Values.cloudProvider "kwok") (eq .Values.cloudProvider "huaweicloud") }}
     - delete
+{{- end }}
     - get
     - update
   - apiGroups: