-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
all images needs to sign while cosignwebhook expects signatures #33
Comments
This happens because of the first functionality we introduced in our webhook - the default fallback secret named I had a couple of ideas on how to handle this. One is specific to the problem (the problem is an injected dynatrace-operator container, when the user is only deploying one container originally).
What do you think @eumel8? |
The global map seems useful but a kind of intransparent if the user want's full control over the deployment. Deprecation is an option, let's rollout the last release and collect feedback from the customer. |
@eumel8 deprecation seems like the best option to me as well going forward. OK, let's see what the users want as we'll and tackle this at a later time. |
version 4.0.3
at the moment all container and init-container (also injected init-container by istio, dynatrace) needs to sign, otherwise cosignwebhok will deny the Admission request. Also different keys seems not possible.
needs to test further
cc. @puffitos
The text was updated successfully, but these errors were encountered: