Deployment of Harbor sometimes working and sometimes not
I have policy controller installed in the cluster, and I am trying to deploy a Harbor pod while the CIP mode is set to warn. Please see the error below:

/usr/local/bin/helm install --create-namespace -n ncms harbor1 /opt/bcmt/storage/charts/harbor-2.10.4-ncs24.11.0-1.tgz --set hregistry.credentials.username=harbor_registry_user --set hregistry.credentials.password=ZzBudG5zZXZDYXgtdnA= --set redis.internal.password=Z3EyX2ppeHNjenlSdnA= --set database.internal.password=Z3BNdG1kbS00Z2F0ZHA= --set externalURL=https://harbor-harbor-core.ncms.svc --set global.timeZoneEnv=UTC -f /opt/bcmt/config/bcmt-harbor/overwrite-values-install.yml -f /opt/bcmt/config/bcmt-harbor/overwrite-values.yml

W0628 07:10:56.255001 396738 warnings.go:70] annotation "kubernetes.io/ingress.class" is deprecated, please use 'spec.ingressClassName' instead
Error: INSTALLATION FAILED: 8 errors occurred:
* admission webhook "policy.sigstore.dev" denied the request: validation failed: invalid value: bcmt-registry:5000/bcmt/harbor-registryctl:2.10.2-v2.8.3-5-ncs24.7.0-rcky-8.10-20240604-1 must be an image digest: spec.template.spec.containers[0].image
* admission webhook "policy.sigstore.dev" denied the request: validation failed: invalid value: bcmt-registry:5000/bcmt/harbor-registryctl:2.10.2-v2.8.3-5-ncs24.7.0-rcky-8.10-20240604-1 must be an image digest: spec.template.spec.containers[0].image
* admission webhook "policy.sigstore.dev" denied the request: validation failed: invalid value: bcmt-registry:5000/bcmt/harbor-core:2.10.2-5-ncs24.7.0-rcky-8.10-20240604-1 must be an image digest: spec.template.spec.initContainers[1].image invalid value: bcmt-registry:5000/citm/citm-nginx-server:1.24.0-1.4.3-1.0.1-rocky8 must be an image digest: spec.template.spec.containers[0].image, spec.template.spec.initContainers[0].image
* admission webhook "policy.sigstore.dev" denied the request: validation failed: invalid value: bcmt-registry:5000/bcmt/harbor-core:2.10.2-5-ncs24.7.0-rcky-8.10-20240604-1 must be an image digest: spec.template.spec.containers[0].image, spec.template.spec.initContainers[0].image
* admission webhook "policy.sigstore.dev" denied the request: validation failed: invalid value: bcmt-registry:5000/bcmt/harbor-registryctl:2.10.2-v2.8.3-5-ncs24.7.0-rcky-8.10-20240604-1 must be an image digest: spec.template.spec.initContainers[0].image invalid value: bcmt-registry:5000/cbur/cbur-agent:1.2.0-alpine-580 must be an image digest: spec.template.spec.containers[0].image
* admission webhook "policy.sigstore.dev" denied the request: validation failed: invalid value: bcmt-registry:5000/bcmt/harbor-registryctl:2.10.2-v2.8.3-5-ncs24.7.0-rcky-8.10-20240604-1 must be an image digest: spec.template.spec.initContainers[0].image invalid value: bcmt-registry:5000/crdb/crdb-redisio:6.1-2.4742-rocky8 must be an image digest: spec.template.spec.containers[0].image
* admission webhook "policy.sigstore.dev" denied the request: validation failed: invalid value: bcmt-registry:5000/cbur/cbur-agent:1.2.0-alpine-580 must be an image digest: spec.template.spec.containers[0].image
* admission webhook "policy.sigstore.dev" denied the request: validation failed: invalid value: bcmt-registry:5000/cbur/cbur-agent:1.2.0-alpine-580 must be an image digest: spec.template.spec.containers[0].image

However, running the cosign verify command against the failing images above works perfectly, and I see the image is signed.
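
An added example, not part of the original post and not policy-controller or Helm code: a small parser that reduces a Helm error like the one above to the distinct image references the webhook rejected and the pod-spec fields that carry them. The names `rejected_images` and `split_ref` are hypothetical, and `SAMPLE` is a shortened excerpt of the output quoted in the post.

```python
import re
from collections import defaultdict

# Excerpt of the Helm error in the post above, shortened to three denials.
SAMPLE = (
    '* admission webhook "policy.sigstore.dev" denied the request: validation failed: '
    'invalid value: bcmt-registry:5000/bcmt/harbor-core:2.10.2-5-ncs24.7.0-rcky-8.10-20240604-1 '
    'must be an image digest: spec.template.spec.initContainers[1].image '
    'invalid value: bcmt-registry:5000/citm/citm-nginx-server:1.24.0-1.4.3-1.0.1-rocky8 '
    'must be an image digest: spec.template.spec.containers[0].image, '
    'spec.template.spec.initContainers[0].image '
    '* admission webhook "policy.sigstore.dev" denied the request: validation failed: '
    'invalid value: bcmt-registry:5000/cbur/cbur-agent:1.2.0-alpine-580 '
    'must be an image digest: spec.template.spec.containers[0].image'
)

# One "invalid value" clause: the image reference, then one or more field paths.
DENIAL = re.compile(
    r"invalid value: (?P<image>\S+) must be an image digest: "
    r"(?P<fields>spec\.[^\s,]+(?:,\s*spec\.[^\s,]+)*)"
)

def split_ref(ref):
    """Split an image reference into (repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    last = name.rsplit("/", 1)[-1]
    tag = last.partition(":")[2]  # a ':' before the last '/' is a registry port
    repo = name[: len(name) - len(tag) - 1] if tag else name
    return repo, tag or None, digest or None

def rejected_images(helm_error):
    """Map each rejected image reference to the pod-spec fields that used it."""
    text = " ".join(helm_error.split())  # undo terminal line wrapping
    found = defaultdict(set)
    for m in DENIAL.finditer(text):
        found[m.group("image")].update(re.split(r",\s*", m.group("fields")))
    return {img: sorted(fields) for img, fields in found.items()}

if __name__ == "__main__":
    for image, fields in sorted(rejected_images(SAMPLE).items()):
        repo, tag, digest = split_ref(image)
        print(f"{repo}  tag={tag}  digest={digest}")
        for field in fields:
            print(f"    {field}")
```

Every reference it lists has a tag and no digest, which is the condition the "must be an image digest" message names.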