Open
Description
Kyverno Version
1.7
Kubernetes Version
1.20
Kubernetes Platform
EKS
Description
Hi team, appreciate some guidance. I have created a policy as follows
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: cosign-sign
spec:
validationFailureAction: enforce
background: false
webhookTimeoutSeconds: 30
failurePolicy: Fail
rules:
- name: check
match:
any:
- resources:
kinds:
- Pod
- Deployment
verifyImages:
- imageReferences:
- "image:latest"
mutateDigest: false
verifyDigest: false
key: |-
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
When i try to deploy some container, i get the following issue
.attestors[0].entries[0].keys: failed to load Rekor public keys: updating local\n metadata and targets: error updating to TUF remote mirror: tuf: failed to download\n 10.root.json: Get "https://tuf-repo-cdn.sigstore.dev/10.root.json\": net/http:\n TLS handshake timeout'\n"
I do not want to access external domain, is there a way to disable this ?
Steps to reproduce
Expected behavior
request to TUF
Screenshots
No response
Kyverno logs
Slack discussion
No response
Troubleshooting
- I have read and followed the documentation AND the troubleshooting guide.
- I have searched other issues in this repository and mine is not recorded.