policy creation error: failed to call webhook defaulting

Question

policy creation error: failed to call webhook defaulting

prudnitskiy opened this issue a year ago · 2 comments

Description

I'm trying to create a policy on a fresh policy controller install. Any policy I try to create fails with this error:

Error from server (InternalError): error when creating "lab/test-pol.yaml": Internal error occurred: failed calling webhook "defaulting.clusterimagepolicy.sigstore.dev": failed to call webhook: Post "https://webhook.sigstore.svc:443/defaulting?timeout=10s": context deadline exceeded

Debug log for the policy-controller-webhook pod doesn't contain any errors.

Policy example:

# Source: sigstore-policies/templates/policy.yaml
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolic
metadata:
  name: corp-local
spec:
  authorities:
  - key:
      kms: gcpkms://projects/corp-dev/locations/europe-west1/keyRings/build-provenance/cryptoKeys/cosign-key-1
  images:
  - glob: europe-west1-docker.pkg.dev/corp-dev/**
  - glob: europe-west1-docker.pkg.dev/corp/**
  mode: warn

Version
policy controller: v0.8.2
helm chart: 0.6.1
kubernetes version: v1.24.14-gke.1200

Key used: GKMS

Is there anything I can try to fix it?

Answer 1 · 2023-12-07T08:54:37.000Z

Ihave the same issue

Answer 2 · 2023-12-07T12:37:05.000Z

@prudnitskiy could you share the logs of the controller? Is the controller running?