Getting x509: certificate signed by unknown authority Error after applying ClusterImagePolicy
senanz opened this issue · comments
I have installed policy-controller pod and it's running and in ready status:
Then created TrustRoot and CIP successfully:
The issue when i trying to run kubectl get CIP I'm getting this error:
Error from server: conversion webhook for policy.sigstore.dev/v1alpha1, Kind=ClusterImagePolicy failed: Post "https://webhook.ncms.svc:443/?timeout=30s": x509: certificate signed by unknown authority
image_policy.yaml:
apiVersion: policy.sigstore.dev/v1alpha1
kind: ClusterImagePolicy
metadata:
name: demo2
spec:
images:
- glob: "my-registry:5000/**"
authorities: - name : keyless
keyless:
trustRootRef: my-sigstore-keys2
url: https://fulcio.mysigstore.dev
insecureIgnoreSCT: true
identities:- issuerRegExp: '.'
subjectRegExp: '.'
- issuerRegExp: '.'
Anyone face the same issue before?