Chip Zoller
Chip Zoller
Kyverno may only be capable of generating an event when there is an internal error in applying the patch. As long as a patch can internally be generated and sent...
Kyverno no longer performs internal schema validation at the time policies are created. This was removed in 1.11.0 because it has historically been the source of many user problems. We...
Pick something else.
My suggestion would simply be provide the guidance in your documentation on which pieces users install where and not try and do the work for them, for simple maintenance reasons...
> Is it reasonable for Kyverno to split all these resources in install-latest-testing.yaml into some small pieces? As we warn in our [documentation](https://kyverno.io/docs/installation/methods/#testing-unreleased-code), this manifest should never be used for...
cc @eddycharly @realshuting @JimBugwadia
Because Secrets are extremely commonly used as the clone source in a generate rule, removing this specific permission may prove to be highly problematic.
That would be fine, but before we remove this permission we need to understand when it was made and assess the impact.
We have challenges here in that we need these permissions for several things: 1. use in the admission controller to apply policy exceptions and lookup global context entries 2. use...
We discussed this and to reduce these permissions would require similar checks to item No. 1 above (which we now do for generate and mutate-existing rules via PR #6610) for...