Closed ereslibre closed 2 years ago
temp workaround:
apiVersion: policies.kubewarden.io/v1alpha2
kind: PolicyServer
metadata:
name: default
spec:
image: ghcr.io/kubewarden/policy-server:latest@sha256:682b9f9c6f86b62b0673b695897ca834d415d9ad24736edcee8c4bfa7adf2dca
to force the use of the amd64 image
This is caused by how we are building the container images. I have to check more in detail in order to report the issue in case there is some binary compatibility issue. I will follow up about that here.
In terms of moving forward, I have taken the opportunity to move away from openssl
to rustls
. The following changes support this move in different parts of the project and dependencies:
rustls
backend does not support accept_invalid_hostnames
concept implemented in the openssl
backend.rustls
instead of openssl
. Keep openssl
as the default, so no change by default. Also, when https://github.com/krustlet/oci-distribution/pull/8 is merged, https://github.com/sigstore/sigstore-rs/pull/14 has to be applied.openssl
with rustls
. Perform some minor API adaptations.kube
dependency (used for context aware policies) to use rustls
.openssl
with rustls
. Update the way we build the container image. Perform some API adaptations so we don't depend on openssl
for reading certificates and keys and depend on rustls_pemfile
instead.openssl
with rustls
. Perform some minor API adaptations.I just verified that the new locally build with rustls works as expected and does not crash.
This is implemented.
https://github.com/kubewarden/docs/issues/75 describes how to make the Policy Server crash under arm64, but just trying to follow the quick start makes it crash on every request.