Hector Fernandez
Hector Fernandez
@elfotografo007 We don't have a defined timeline yet.
Feel free to assign it to yourself whenever you start working on this.
@elfotografo007 Done 👍!
@ElonMuskkkkkk Try using `glob: "registry.cn-hangzhou.aliyuncs.com/fckc/sigstore-test**"` instead.
@ElonMuskkkkkk If you specify the tag that won't match the final mutated image tag which is `registry.cn-hangzhou.aliyuncs.com/fckc/sigstore-test@sha256:a094484855793fcb7ba16ad83816ca0fdfdf97f532a9a076b5b62fe6eda26136`. You could use `registry.cn-hangzhou.aliyuncs.com/fckc/sigstore-test@sha256:a094484855793fcb7ba16ad83816ca0fdfdf97f532a9a076b5b62fe6eda26136` as part of the glob pattern if you really...
No. There isn't a way to disable the mutation from a tag to a digest. Using tags is a bad security practice. Your gitOps controller could use a digest with...
@prudnitskiy Thanks for opening the issue. I am looking at your logs, but I cannot find any specific error related to the KMS or policy validation. Could you share the...
@prudnitskiy This log output makes sense to me: ``` signature key validation failed for authority authority-0 for index.docker.io/library/alpine@sha256:ff6bdca1701f3a8a67e328815ff2346b0e4067d32ec36b7992c1fdc001dc8517: no matching signatures ``` I don't see any GKE KMS error fetching...
Thanks for opening the issue @slimm609. It make sense, so we'll work on adding supporting for this feature.
@gustavoromerobenitez You shouldn't be concerned about these TrustRoot errors (although I am gonna check if I can reproduce them). Those are not related here. Could you try using using this...