Luiz Carvalho
Luiz Carvalho
There has been enough time since we added support for `secrets`. I think it's reasonable to remove usage of `imagePullSecrets` now. There are actually two sets of `imagePullSecrets` that are...
The workaround is to ensure that, for a given OCI repo, a single `Secret` is linked to the ServiceAccount, and that `Secret` has push access to the OCI repo. This...
That seems reasonable to me!
Builder is defined as: > Identifies the entity that executed the invocation, which is trusted to have correctly performed the operation and populated this provenance. I'm wondering if Tekton Chains...
/lifecycle frozen There's some interest in resolving this relatively soon.
@wlynch mentioned in slack today that keeping the ability to set the builder ID via config could be misused as a spoofing technique. We should clarify that before working on...
cosign will use rego to make the following query: `data.signature.allow` It looks like your policy does have the right package name, `signature`, and produces the `allow` value. Good. The issue...
@SaiJyothiGudibandi, how are you trying to do that?
When using OPA's rego with cosign, `allow` has to be a boolean. That's the the only value that will be queried. You cannot return a response error message because of...
> Thanks for the quick response. > > Understand the above code, using that how can I print error message if allow set to false? I am looking to print...