auth.secret_name provided but still fails with "authentication required" on Docker Hub private repo / cosign #573
-
Hey folks! I'm trying to use a cosign validator against my private Docker Hub repos, but I've not been able to get connaisseur to authenticate - so I get errors like this when testing with
My validator is defined like this:
And my I've confirmed that the credentials are correctly mounted into the pod container at When I set
Any ideas? :) Thanks, |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 9 replies
-
Hey @funkypenguin , have you followed the description on how to setup the secret and does have the typical dockerconfigjson form on the pod? |
Beta Was this translation helpful? Give feedback.
-
Hey @xopham! Yes, I've followed both the documented instructions (creating a generic secret and then setting
In both cases, I get what looks like a valid To confirm whether the image is valid, here's what connaisseur says:
Now I've not signed this image with cosign...
However, it is a valid image, since when I use an invalid image, I get an "entity not found" error out of cosign:
To rule out the possibility of this being a problem with just unsigned images, I signed the image...
And I can verify it with cosign:
But connaisseur still claims authentication is required:
To confirm that the dockerconfigjson is correct, I compared the
|
Beta Was this translation helpful? Give feedback.
Hey @xopham!
Yes, I've followed both the documented instructions (creating a generic secret and then setting
--type
), and I've tried this format:In both cases, I get what looks like a valid
/app/connaisseur-config/default/.docker/config.json
in the pod (although the second format results in a file with no newlines).To confirm whether the image is valid, here's what connaisseur says: