Skip to content

I configured a "static" authorities but nothing help, is there anything wrong? #888

New issue
New issue
Open
Open
I configured a "static" authorities but nothing help, is there anything wrong?#888
Labels
questionFurther information is requested
@yxxchange

Description

@yxxchange
yxxchange
opened on Jul 10, 2023

Question

The relevant YAML configuration that I have set up is shown below.
CIP yaml:

apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
  name: image-policy
spec:
  images:
    - glob: "registry.cn-hangzhou.aliyuncs.com/fckc/sigstore-test:**"
  authorities:
    - static:
        action: pass

deployment yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sigstore-test-deployment
  namespace: sigstore-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sigstore-test
  template:
    metadata:
      labels:
        app: sigstore-test
    spec:
      containers:
      - name: sigstore-test-01
        image: registry.cn-hangzhou.aliyuncs.com/fckc/sigstore-test:v0.1
        imagePullPolicy: Always
        ports:
        - containerPort: 80

But I can't apply the deployment.yaml, The webhook prevented this action. Error is the following:

Error from server (BadRequest): error when creating "deployment.yaml": admission webhook "policy.sigstore.dev" denied the request: validation failed: no matching policies: spec.template.spec.containers[0].image
registry.cn-hangzhou.aliyuncs.com/fckc/sigstore-test@sha256:a094484855793fcb7ba16ad83816ca0fdfdf97f532a9a076b5b62fe6eda26136

How to solve this problem.

Metadata

Metadata

Assignees

No one assigned

    Labels

    questionFurther information is requested

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions