Open kevchu3 opened 1 year ago
Alright I ran through this again as I bet the recent GA version changed something. Which version of Tekton are you running? Also I made a mistake and forgot to remove this from the readme,
data: artifacts.oci.signer: cosign artifacts.taskrun.format: in-toto artifacts.taskrun.storage: oci transparency.enabled: "true"
You need to remove signer type cosign and only have this in the latest version of Tekton.
$ oc patch configmap chains-config -n openshift-pipelines -p='{"data":{"artifacts.taskrun.format": "in-toto"}}'
$ oc patch configmap chains-config -n openshift-pipelines -p='{"data":{"artifacts.taskrun.storage": "oci"}}'
$ oc patch configmap chains-config -n openshift-pipelines -p='{"data":{"transparency.enabled": "true"}}'
You do still need the encryption type COSIGN in the key.
This is needed since Tekton 1.8.2 when they dropped the signer type and instead uses the key type. I’ll clean up the README and run through it again this weekend just to make sure, but you should be good now after that change. Mine successfully signed last night when I tested it out again.
Fri, Jul 14, 2023 at 4:12 PM Kevin Chung @.***> wrote:
I followed the README.md instructions but at the end of the instructions, it looks like the tekton-chains-controller pod is crashing. Here's the relevant logs, think it's not expecting a value of 'cosign'.
$ oc logs tekton-chains-controller-7b9fb58668-glk74 2023/07/14 20:11:16 Registering 3 clients 2023/07/14 20:11:16 Registering 2 informer factories 2023/07/14 20:11:16 Registering 1 informers 2023/07/14 20:11:16 Registering 1 controllers {"level":"info","ts":"2023-07-14T20:11:16.977Z","caller":"logging/config.go:116","msg":"Successfully created the logger."} {"level":"info","ts":"2023-07-14T20:11:16.977Z","caller":"logging/config.go:117","msg":"Logging level set to: info"} {"level":"info","ts":"2023-07-14T20:11:16.978Z","logger":"watcher","caller":"profiling/server.go:64","msg":"Profiling enabled: false","commit":"ba26e6c"} {"level":"info","ts":"2023-07-14T20:11:16.983Z","logger":"watcher","caller":"leaderelection/context.go:47","msg":"Running with Standard leader election","commit":"ba26e6c"} {"level":"info","ts":"2023-07-14T20:11:16.993Z","logger":"watcher","caller":"sharedmain/main.go:240","msg":"Starting configuration manager...","commit":"ba26e6c"} {"level":"fatal","ts":"2023-07-14T20:11:17.010Z","logger":"watcher","caller":"configmap/store.go:150","msg":"Error initializing chains config \"chains-config\": \"failed to parse data: invalid value \\"cosign\\" wanted one of [kms x509]\"","commit":"ba26e6c","stacktrace":"knative.dev/pkg/configmap.(UntypedStore).OnConfigChanged\n\t/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/store.go:150\nknative.dev/pkg/configmap.(ManualWatcher).OnChange\n\t/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/manual_watcher.go:72\nknative.dev/pkg/configmap/informer.(InformedWatcher).addConfigMapEvent\n\t/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/informer/informed_watcher.go:220\nknative.dev/pkg/configmap/informer.(syncedCallback).Call\n\t/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/informer/synced_callback.go:94\nknative.dev/pkg/configmap/informer.(InformedWatcher).Start.func1\n\t/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/informer/informed_watcher.go:158\nk8s.io/client-go/tools/cache.ResourceEventHandlerFuncs.OnAdd\n\t/go/src/github.com/tektoncd/chains/vendor/k8s.io/client-go/tools/cache/controller.go:231\nk8s.io/client-go/tools/cache.(processorListener).run.func1\n\t/go/src/github.com/tektoncd/chains/vendor/k8s.io/client-go/tools/cache/shared_informer.go:787\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90\nk8s.io/client-go/tools/cache.(processorListener).run\n\t/go/src/github.com/tektoncd/chains/vendor/k8s.io/client-go/tools/cache/shared_informer.go:781\nk8s.io/apimachinery/pkg/util/wait.(Group).Start.func1\n\t/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:73 http://knative.dev/pkg/configmap.(*UntypedStore).OnConfigChanged%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/store.go:150%5Cnknative.dev/pkg/configmap.(*ManualWatcher).OnChange%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/manual_watcher.go:72%5Cnknative.dev/pkg/configmap/informer.(*InformedWatcher).addConfigMapEvent%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/informer/informed_watcher.go:220%5Cnknative.dev/pkg/configmap/informer.(*syncedCallback).Call%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/informer/synced_callback.go:94%5Cnknative.dev/pkg/configmap/informer.(*InformedWatcher).Start.func1%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/knative.dev/pkg/configmap/informer/informed_watcher.go:158%5Cnk8s.io/client-go/tools/cache.ResourceEventHandlerFuncs.OnAdd%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/k8s.io/client-go/tools/cache/controller.go:231%5Cnk8s.io/client-go/tools/cache.(*processorListener).run.func1%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/k8s.io/client-go/tools/cache/shared_informer.go:787%5Cnk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155%5Cnk8s.io/apimachinery/pkg/util/wait.BackoffUntil%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156%5Cnk8s.io/apimachinery/pkg/util/wait.JitterUntil%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133%5Cnk8s.io/apimachinery/pkg/util/wait.Until%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90%5Cnk8s.io/client-go/tools/cache.(*processorListener).run%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/k8s.io/client-go/tools/cache/shared_informer.go:781%5Cnk8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1%5Cn%5Ct/go/src/github.com/tektoncd/chains/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:73"}
— Reply to this email directly, view it on GitHub https://github.com/cnuland/aro-hello-chris-tekton-chains/issues/2, or unsubscribe https://github.com/notifications/unsubscribe-auth/AASFDYZSWGGO7I3E2WD2PPDXQGR4HANCNFSM6AAAAAA2KYBFPI . You are receiving this because you are subscribed to this thread.Message ID: @.***>
I followed the README.md instructions but at the end of the instructions, it looks like the tekton-chains-controller pod is crashing. Here's the relevant logs, think it's not expecting a value of 'cosign'.