Ville Aikas
Ville Aikas
Thank you!!!
Just to make sure I understand, does this mean that we run through the policy evaluations twice if the annotations are enabled? Once during defaulting (and that's when the annotation...
> You are totally right, everything you are mentioning is what is happening. Is there a way to evaluate and create annotations at the same time? I don't believe so...
Awesome, is this test passing if you uncomment this? https://github.com/sigstore/policy-controller/blob/main/test/e2e_test_cluster_image_policy_with_attestations.sh#L229
This may help here: https://tip.cuelang.org/play/?id=--Ep9vOrwU1#cue@export@cue
The one way to achieve this today would be to remove the namespace selectors here: https://github.com/sigstore/policy-controller/blob/main/config/500-webhook-configuration.yaml#L21 and here: https://github.com/sigstore/policy-controller/blob/main/config/500-webhook-configuration.yaml#L43 When you deploy the policy-controller.
I think we should do it even before :) But sure! On Wed, Mar 8, 2023 at 8:35 AM Hector Fernandez ***@***.***> wrote: > @vaikas Should we include this issue...
I've not run this on Azure, so can't say for sure. But I'd try to rule out the auth, by creating a simple test image and require signing. Easy way...
Yeah, this is a bit unfortunate that it doesn't allow for the key. IMHO we should change it to support specifying the Key as well, just like the ConfigMapRef does....
Do you have an example Image that you could point to that we could play with?