Rob Best 7a8c19e0cb Support registry keychain from cloud providers (#3036) ... * Enable cloud provider registry keychains It's desirable that Kyverno supports using workload identity and other cloud provider metadata services for registry credentials. Signed-off-by: Rob Best <robertbest89@gmail.com> * Always initialize registry keychain This supports using docker configuration on disk and credentials from cloud providers without having to specify image pull secrets. Signed-off-by: Rob Best <robertbest89@gmail.com> * Get pull secrets from kyverno service account It was previously using 'default'. I think it makes more sense to use the service account that Kyverno actually runs with. Signed-off-by: Rob Best <robertbest89@gmail.com> * Don't split empty pull secrets list Signed-off-by: Rob Best <robertbest89@gmail.com> * Add KYVERNO_SVC_ACCOUNT to config manifests Signed-off-by: Rob Best <robertbest89@gmail.com> * Don't retrieve secrets from service account Signed-off-by: Rob Best <robertbest89@gmail.com> * Reduce scope of keychain changes Just enable cloud provider keychains. Signed-off-by: Rob Best <robertbest89@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>		2022-01-26 07:28:36 +00:00
..
cli/kubectl-kyverno	chore: bump golang to 1.7.6 in dockerfiles (#2968)	2022-01-14 07:57:33 +00:00
initContainer	chore: bump golang to 1.7.6 in dockerfiles (#2968)	2022-01-14 07:57:33 +00:00
kyverno	Support registry keychain from cloud providers (#3036)	2022-01-26 07:28:36 +00:00