kyverno / kyverno

Cloud Native Policy Management
https://kyverno.io
Apache License 2.0

Region missing pod event when using AWS KMS verification #9347

Open vishal-chdhry opened 7 months ago

vishal-chdhry commented 7 months ago

Discussed in https://github.com/kyverno/kyverno/discussions/9132

Originally posted by **VikramPunnam** December 11, 2023

Hi, I have deployed Kyverno v1.11.0 on a private EKS cluster and configured it to verify signed images (https://github.com/kyverno/kyverno/issues/4110). Using the AWS KMS public key for image verification works. I annotated the Kyverno service accounts with the appropriate roles and the required AWS permissions. But in the pod events we identified the error below:

policy verify-image-signature/verify-image-signature fail: failed to verify image qa-harbor.xxxx.local/tanzu/containers/redhatubi-8/grafana:9.3.1-redhatubi-8-r4-local-new: .attestors[0].entries[0].keys: no matching signatures: error verifying bundle: getting public key: operation error KMS: GetPublicKey, failed to resolve service endpoint, endpoint rule error, Invalid Configuration: Missing Region

Is this a bug in the specified version or not? Please help.

Description

The event does not affect Kyverno's behavior when verifying the image policy. It is a false report only. This event originates from aws-sdk.

Looking at the path of this error, it occurs when the Cosign package verifies the bundle using the Sigstore KMS package, but somehow it does not fail when it does not find the region.
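The setup the original post describes, as an added example that is not part of this issue or of Kyverno's own documentation: a Kyverno verifyImages rule whose attestor key lives in AWS KMS (referenced through a Cosign-style awskms:// URI), next to the AWS region setting that the AWS SDK's KMS client needs before GetPublicKey can resolve an endpoint. The registry prefix, KMS key ARN, account ID, namespace and deployment name are placeholders chosen for the example; the AWS_REGION value is an assumption that must match the region the key actually lives in.

```yaml
# Added example (not the reporter's policy). Assumes Kyverno 1.11+ with the
# verifyImages rule type and a KMS-backed Cosign key pair.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-image-signature
spec:
  validationFailureAction: Enforce
  background: false
  rules:
    - name: verify-image-signature
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        - imageReferences:
            # Placeholder registry; narrow this to the images you actually sign.
            - "qa-harbor.xxxx.local/*"
          attestors:
            - entries:
                - keys:
                    # Key held in AWS KMS. The ARN below is a placeholder; the
                    # region inside it should agree with AWS_REGION on the
                    # Kyverno deployment.
                    kms: "awskms:///arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
---
# The "Missing Region" error comes from the AWS SDK, which resolves its region
# from the environment (AWS_REGION / AWS_DEFAULT_REGION) or the shared config
# file. Giving the admission controller an explicit region removes the
# ambiguity. Partial Deployment shown for the relevant container only; the
# namespace and deployment name follow the Kyverno Helm chart defaults and are
# assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kyverno-admission-controller
  namespace: kyverno
spec:
  template:
    spec:
      containers:
        - name: kyverno
          env:
            - name: AWS_REGION
              value: us-east-1
```

Two checks worth running before blaming the policy engine: confirm the IRSA-bound service account's role carries kms:GetPublicKey (and kms:DescribeKey, which Cosign also uses) on that key, and run cosign with the same awskms:// URI from a pod using the same service account but no AWS_REGION set. If cosign reproduces the "Missing Region" failure there, the region configuration, not Kyverno, is what needs fixing.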

VikramPunnam commented 6 months ago

Hi @vishal-chdhry , Any update on this issue?

Please let me know.

vishal-chdhry commented 6 months ago

@VikramPunnam, yes! Sorry, I forgot to update. We have moved to using the awslabs AWS Keychain; this will be present in the 1.12 release and 1.11.5.

VikramPunnam commented 6 months ago

Ok @vishal-chdhry, so the next release, 1.11.5 or 1.12, will have this fix, right?

vishal-chdhry commented 6 months ago

Yes, it will be in 1.11.5 and 1.12. You can try out the latest image right now to test it.

VikramPunnam commented 3 months ago

Hi @vishal-chdhry, we have upgraded to 1.12.1, and we are still getting the following warning event on the pod.

PolicyViolation: policy verify-image-signature/verify-image-signature fail: failed to verify image harbor.xxxx.xxxx/corp-keda/kedacore/keda:2.14.0: .attestors[0].entries[0].keys: no matching signatures: error verifying bundle: getting public key: operation error KMS: GetPublicKey, failed to resolve service endpoint, endpoint rule error, Invalid Configuration: Missing Region

Do you know if there are any config changes required? Please let me know.