Open ferhatguneri opened 1 week ago
Hi, I can't reproduce this here with kwctl `v1.17`:
```
$ docker pull ghcr.io/viccuad/test/user-group-psp:config-test
config-test: Pulling from viccuad/test/user-group-psp
unsupported media type application/vnd.wasm.config.v1+json
$ kwctl-1.17 pull registry://ghcr.io/viccuad/test/user-group-psp:config-test
$ kwctl-1.17 policies
+-----------------------------------------------------------------------+----------+---------------+--------------+-----------+
| Policy | Mutating | Context aware | SHA-256 | Size |
+-----------------------------------------------------------------------+----------+---------------+--------------+-----------+
| registry://ghcr.io/viccuad/test/user-group-psp:config-test | yes | no | f6e0bf76af86 | 1.35 MB |
+-----------------------------------------------------------------------+----------+---------------+--------------+-----------+
$ kwctl-1.17 push registry://ghcr.io/viccuad/test/user-group-psp:config-test registry://ghcr.io/viccuad/test/user-group-psp:config-test2
Policy successfully pushed: ghcr.io/viccuad/test/user-group-psp@sha256:a11a39b6bc4dc5c047d2d6aa0d33f7208085515d49977ae3c8129fc3706dc9ce
```
(and the new tag `config-test2` was published).
Maybe the `~/docker/config.json` is not correctly set up, or the credentials you are using for that repository are expired. Could you check if you can pull or push an image with `crane`, `docker`, etc?
From the error `invalid peer certificate: UnknownIssuer`, I'm inclined to think that either the local CA certs are incorrectly set up, or kwctl fails to make use of them. Could you please run kwctl with increased verbosity `kwctl -v` to see from where the error comes?
As a workaround, you could use crane to push the policy to the registry.
Thanks in advance.
Is there an existing issue for this?
Current Behavior
```
kwctl push --docker-config-json-path /tmp annotated-policy.wasm registry.com/kubewarden-policies/disallow-automount-default-sa-token-policy:1.11.3
Error: Fail to interact with OCI registry: error sending request for url (https://registry.com/v2/kubewarden-policies/disallow-automount-default-sa-token-policy/blobs/uploads/)

Caused by:
    0: error sending request for url (https://registry.com/v2/kubewarden-policies/disallow-automount-default-sa-token-policy/blobs/uploads/)
    1: client error (Connect)
    2: invalid peer certificate: UnknownIssuer
```
Expected Behavior
Policy successfully pushed: registry.com/kubewarden-policies/disallow-default-namespace-policy@sha256:c40a3fbca4de08ab6942121212121211214dac34d086a
Steps To Reproduce
Just try to push a kubewarden policy with kwctl v1.17.0
Environment
Anything else?
It is working in v1.16.1