shuting

Results 647 comments of shuting

Hi @Vishalk91-4 - you need to sign-off your commits https://github.com/kyverno/kyverno/pull/10103/checks?check_run_id=24196999350.

If we block policies when the required permissions are missing (and set existing policies to not ready), we should be able to restrict the defaults to a minimum set.

Capturing discussion results from the maintainer's meeting on 01/02/2024:

1. replace wildcard permissions as Chip mentioned [above](https://github.com/kyverno/kyverno/issues/5690#issuecomment-1871218027)
2. revisit the permissions on secrets

> For brevity sake and to reflect the current status, the current scope of this issue is to find a way to reduce this permission set which, as of 1.11,...

Please explain the changes in full so the reviewer understands what has been fixed. The unit tests need to be fixed.

Do we need to clarify this new behavior in our doc?

Hi @Vyom-Yadav - I think we are almost there. Is the PR ready for the final review?

@Vyom-Yadav - can you check linter issues?

> I believe kyverno might be able to support this already through ggcr's use of ecr cred helpers. Have you tried configuring your image pull secrets like so - https://github.com/awslabs/amazon-ecr-credential-helper#docker...

@samj1912 correct me if I'm wrong. I think it's to configure your image pull secret as described in the [AWS credentials](https://github.com/awslabs/amazon-ecr-credential-helper#aws-credentials) section:

> Web Identities like [IAM Roles for Service Accounts in Kubernetes](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)...