policy-controller icon indicating copy to clipboard operation
policy-controller copied to clipboard
verified publisher icon sigstore

policy creation error: failed to call webhook defaulting

Open prudnitskiy opened this issue 2 years ago • 2 comments

Description

I'm trying to create a policy on a fresh policy controller install. Any policy I try to create fails with this error:

Error from server (InternalError): error when creating "lab/test-pol.yaml": Internal error occurred: failed calling webhook "defaulting.clusterimagepolicy.sigstore.dev": failed to call webhook: Post "https://webhook.sigstore.svc:443/defaulting?timeout=10s": context deadline exceeded

Debug log for the policy-controller-webhook pod doesn't contain any errors.

Policy example:

# Source: sigstore-policies/templates/policy.yaml
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolic
metadata:
  name: corp-local
spec:
  authorities:
  - key:
      kms: gcpkms://projects/corp-dev/locations/europe-west1/keyRings/build-provenance/cryptoKeys/cosign-key-1
  images:
  - glob: europe-west1-docker.pkg.dev/corp-dev/**
  - glob: europe-west1-docker.pkg.dev/corp/**
  mode: warn

Version policy controller: v0.8.2 helm chart: 0.6.1 kubernetes version: v1.24.14-gke.1200

Key used: GKMS

Is there anything I can try to fix it?

prudnitskiy avatar Aug 18 '23 18:08 prudnitskiy

Ihave the same issue

minivolk avatar Dec 07 '23 08:12 minivolk

@prudnitskiy could you share the logs of the controller? Is the controller running?

hectorj2f avatar Dec 07 '23 12:12 hectorj2f