Steve enhanced security and access control for the castai/helm-charts repository by refining Kubernetes RBAC configurations. He replaced a cluster-scoped ClusterRole with a namespace-scoped Role, restricting leader election permissions to the castai-agent’s namespace and thereby reducing the potential blast radius. Steve also granted leases permissions under the coordination.k8s.io API group, further tightening access and improving the security posture of the deployment. This work was implemented using YAML and leveraged his expertise in Helm and Kubernetes RBAC. The changes addressed a specific security concern, demonstrating a focused approach to minimizing privilege while maintaining operational functionality within the deployment environment.