DingGGu

This is not an actual webhook `registry_package` event. It just checks what the webhook sends to keel, but Keel didn't implement it. **So, you can safely ignore this error.** However...

Currently, Keel does not support Github Container Registry. `ghcr.io/.../...` It only works with Github Package (Legacy version of Github Container Registry) that image name starts with `docker.pkg.github.com/.../.../...` I submitted pull...

Amazing stuffs! [Kiali already support impersonate with Kubernetes OIDC](https://kiali.io/docs/configuration/authentication/openid/) I had a good experience when configuring kiali's authentication. Usually, OIDC is already configured for authentication in Kubernetes Cluster. Kiali to...

@thesuperzapper Looking at your PR comments and the limitations of `SubjectAccessReview`, I wonder if this is the correct implementation. My current configuration is as follows. ``` kube-apiserver --oidc-issuer-url=https:// --oidc-username-claim=email --oidc-groups-claim=groups...

@alexec This option was supported on [EKS](https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/authenticate-oidc-identity-provider.html) and kOps. And I also found [GKE was supported too](https://cloud.google.com/kubernetes-engine/docs/how-to/oidc).

EKS and kOps I'm using have all been applied with in-place upgrade. Why this option is useful is also explained in the EKS documentation. This is to prevent the permission...

The reason why the cluster administrator wants to use "impersonate" is that to use another web console, there is no need to add or change the authorization scheme already configured...

@thesuperzapper My "impersonate" literally means delegation. There is a connotation of the word "impersonate", but it is not meant to imply a deception. `SelfSubjectAccessReview` performs authentication based on the user's...

@wy65701436 Apply permission with catalog.read cannot pull image repository. ``` "permissions": [ { "access": [ { "action": "pull", "resource": "repository" } ], "kind": "project", "namespace": "*" }, { "access": [...

In EKS 1.18, `n_drops_pf=` will appeared syscall drops every 20 seconds with 3~4 count. ``` [pod/falco-mgbdt/falco] {"output":"Falco internal: syscall event drop. 7 system calls dropped in last second.","output_fields":{"ebpf_enabled":"1","n_drops":"7","n_drops_buffer":"0","n_drops_bug":"0","n_drops_pf":"7","n_evts":"5617"},"priority":"Critical","rule":"Falco internal: syscall...