Replies: 3 comments
-
@prasadjlv it would seem to me that cosign cannot find a matching signature. Are you sure the image name is correct? The tag is given as Otherwise, I would like to point out that authentication for AWS can also be done via ambient credentials as described here.
-
@xopham thank you for your response. The typo (latets) is my bad when I was compiling that redacted message. I logged into the docker registry in AWS (it created ~/.docker/config.json) and I have used that to create the secret. I understand that it expires every 12h (I believe) so I keep refreshing the secret. I already have DEBUG enabled, is there anything else I can do to debug this? I am going to set the ambient credentials as you noted and test it again.
-
@xopham I tried the ambient credentials route as described here and I got the same error (no matching signatures). There's something else going on in my configuration and I can't put a finger on it.
-
Hello:
I have deployed connaisseur v2.6.0 in an EKS cluster that uses a private docker registry (ECR). My validators and policy snippets are simple (redacted) as shown below:
I have used the dockerconfigjson to create the secret (my-secret) and I have set the logLevel to DEBUG.
Deployment of a signed image from our docker registry fails with:
Error from server: admission webhook "connaisseur-svc-connaisseur.svc" denied the request: Unexpected Cosign exception for image "123456789012.dkr.ecr.us-east-1.amazonaws.com/poc/demo:latets": Error: no matching signatures
I have verified the image using "cosign verify --key ", so maybe I am doing something wrong. Please help me debug the above issue.