[Bug] Removal of write permissions on secrets for background controller not documented in `v1.13.0` upgrade guide

[joshdcu]

Page link

https://main.kyverno.io/docs/installation/upgrading/#upgrading-to-kyverno-v113

Description

In Kyverno v1.13.0, wildcard view permissions were removed for Kyverno controllers. This change was clearly documented in the upgrade guide. However, the background controller also had permissions to create, update, patch, and delete secrets, and while this permission was removed in v1.13.0 as well, it was not documented in the upgrade guide. I expected that passing the Helm values as mentioned in the upgrade guide would restore the same functionality as in v1.12.

I'm creating a documentation bug instead of a code bug because it is clear from the PR kyverno/kyverno#10785 that this removal was intentional. Could we please mention that these permissions for the background controller were also removed, along with steps to restore the prior functionality? I'm happy to contribute a PR for the same if we agree this should be done.

Expected behavior

I expected the removal of permissions for background controller to create, update, patch, and delete secrets to be documented in the breaking changes for v1.13.0, so that users of Kyverno could plan accordingly.

Since only the removal of wildcard view permissions was documented in the v1.13.0 upgrade guide, I expected that passing the Helm values as mentioned in the upgrade guide would restore the same functionality as in v1.12.

Slack discussion

No response