Worked on security hardening and upgrade safety for the kubernetes-sigs/headlamp project by enhancing its Helm chart deployment process. The approach involved removing the default ClusterRoleBinding and eliminating the cluster-admin role, thereby reducing unnecessary privileges. A pre-upgrade hook was introduced using Shell and YAML to clean up legacy ClusterRoleBindings during upgrades, ensuring safer transitions for users. Documentation and tests were updated to emphasize explicit RBAC management, clarifying security expectations for operators. These changes improved the overall security posture and reliability of headlamp deployments on Kubernetes, leveraging skills in CI/CD, Helm, and Kubernetes to address privilege escalation risks and deployment safety.