buildsec / frsca

Home Page: https://buildsec.github.io/frsca

Kyverno is blocking updates to chains

sudo-bmitch opened this issue

Bug Report

Kyverno is blocking an update to the chains controller.

Current Behavior

$ kubectl rollout restart -n tekton-chains deployment tekton-chains-controller
error: failed to patch: admission webhook "validate.kyverno.svc-fail" denied the request:

policy Deployment/tekton-chains/tekton-chains-controller for resource violation:

verify-image:
  autogen-verify-image: image is not verified

Expected Behavior

A restart of chains should succeed.

Possible Solution

Fix kyverno, or switch to sigstore/policy-controller.

Steps to Reproduce

kubectl rollout restart -n tekton-chains deployment tekton-chains-controller

Context

I can't restart chains after adjusting the config.

Your Environment

Last commit:
  5688ad8 Merge branch 'main' into tekton-chains-v0.15.0  (HEAD -> pr-411, upstream/tekton-chains-v0.15.0)
Kubernetes:
  Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.3", GitCommit:"aef86a93758dc3cb2c658dd9657ab4ad4afc21cb", GitTreeState:"clean", BuildDate:"2022-07-13T14:30:46Z", GoVersion:"go1.18.3", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.4
Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.3", GitCommit:"aef86a93758dc3cb2c658dd9657ab4ad4afc21cb", GitTreeState:"clean", BuildDate:"2022-07-13T14:23:26Z", GoVersion:"go1.18.3", Compiler:"gc", Platform:"linux/amd64"}
Tekton:
  Client version: 0.30.0
Chains version: v0.15.0
Pipeline version: v0.41.0
Triggers version: v0.22.0