Changed Always pull to IfNotPresent
tommyd450 committed Sep 29, 2023
1 parent 6c145f1 commit 8878faa
Showing 3 changed files with 30 additions and 17 deletions.
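--- a/charts/trusted-artifact-signer/values.yaml
+++ b/charts/trusted-artifact-signer/values.yaml
@@ -126,7 +126,7 @@ configs:
 registry: quay.io
 repository: securesign/cosign
 version: v2.1.1
-pullPolicy: Always
+pullPolicy: IfNotPresent
 
 rbac:
 # -- clusterrole to be added to sigstore component serviceaccounts.
@@ -146,7 +146,7 @@ scaffold:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/scaffolding/ct-server
 version: "446713f9737dfe1401696d1dcf0f3ab92de77b5a"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 createctconfig:
 backoffLimit: 30
 enabled: true
@@ -155,12 +155,12 @@ scaffold:
 registry: registry.access.redhat.com
 repository: ubi9/ubi-minimal
 version: latest
-imagePullPolicy: Always
+imagePullPolicy: IfNotPresent
 image:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/scaffolding/createctconfig
 version: "446713f9737dfe1401696d1dcf0f3ab92de77b5a"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 createcerts:
 fullnameOverride: ctlog-createcerts
 createtree:
@@ -170,7 +170,7 @@ scaffold:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/scaffolding/createtree
 version: "446713f9737dfe1401696d1dcf0f3ab92de77b5a"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 fulcio:
 enabled: true
 forceNamespace: fulcio-system
@@ -188,14 +188,14 @@ scaffold:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/scaffolding/createcerts
 version: "446713f9737dfe1401696d1dcf0f3ab92de77b5a"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 server:
 fullnameOverride: fulcio-server
 image:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/fulcio/fulcio
 version: "e80d2fcaf464e47ef6b60ce88cb63753e720a3c8"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 # If content and/or files not provided in configs.fulcio.secret
 # then this secret must exist in fulcio-system ns. See ../quickstart-with-keycloak.md
 # for how to create this secret.
@@ -227,7 +227,7 @@ scaffold:
 registry: quay.io
 repository: securesign/rekor-server
 version: v1.2.2
-pullPolicy: Always
+pullPolicy: IfNotPresent
 # when providing contents of secret with configs.rekor.signer
 # the signer sections must also be provided here
 signer: /key/private
@@ -249,13 +249,13 @@ scaffold:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/scaffolding/createtree
 version: "446713f9737dfe1401696d1dcf0f3ab92de77b5a"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 backfillredis:
 image:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/rekor/backfill-redis
 version: "0bdc2250d7e441fa292ea21e32e40552e6804c97"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 trillian:
 enabled: true
 forceNamespace: trillian-system
@@ -268,7 +268,7 @@ scaffold:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/scaffolding/createdb
 version: "446713f9737dfe1401696d1dcf0f3ab92de77b5a"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 initContainerImage:
 netcat:
 registry: quay.io
@@ -278,7 +278,7 @@ scaffold:
 registry: registry.access.redhat.com
 repository: ubi9/ubi-minimal
 version: latest
-imagePullPolicy: Always
+imagePullPolicy: IfNotPresent
 redis:
 args:
 - /usr/bin/run-redis
@@ -290,7 +290,7 @@ scaffold:
 registry: registry.redhat.io
 repository: rhel9/redis-6
 version: "sha256:031a5a63611e1e6a9fec47492a32347417263b79ad3b63bcee72fc7d02d64c94"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 
 logSigner:
 name: trillian-logsigner
@@ -299,7 +299,7 @@ scaffold:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/trillian/trillian-logsigner
 version: "a1c542b955191c68fbffc6d0a8c1b53f055b3590"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 logServer:
 name: trillian-logserver
 fullnameOverride: trillian-logserver
@@ -309,7 +309,7 @@ scaffold:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/trillian/trillian-logserver
 version: "a1c542b955191c68fbffc6d0a8c1b53f055b3590"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 mysql:
 fullnameOverride: trillian-mysql
 gcp:
@@ -321,7 +321,7 @@ scaffold:
 registry: quay.io
 repository: redhat-user-workloads/securesign-tenant/trillian/trillian-database
 version: "a1c542b955191c68fbffc6d0a8c1b53f055b3590"
-pullPolicy: Always
+pullPolicy: IfNotPresent
 args: []
 securityContext:
 fsGroup: 0
@@ -384,7 +384,7 @@ scaffold:
 registry: quay.io
 repository: sallyom/copy-secrets
 version: latest
-imagePullPolicy: Always
+imagePullPolicy: IfNotPresent
 serviceaccount: tuf-secret-copy-job
 backoffLimit: 1000
 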
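Review bot: The three entries that still carry `version: latest` (ubi9/ubi-minimal in the hunks at -155 and -278, and sallyom/copy-secrets in the hunk at -384) now get `imagePullPolicy: IfNotPresent`, so each node keeps whatever it pulled first and never picks up a rebuilt or patched image under that tag. Nodes can then run different image contents for the same release, and the copy-secrets job, which runs under the `tuf-secret-copy-job` service account, comes from a personal repository on a mutable tag. The commit-SHA and `v2.1.1`/`v1.2.2` values are presumably rendered as tags too, so they are only as stable as the registry keeps them; the redis entry is the only one pinned by digest. I would either leave `imagePullPolicy: Always` on the `latest` entries or pin them the way redis is pinned, `version: "sha256:<digest-of-reviewed-image>"`, and add a comment above each `pullPolicy` such as `# IfNotPresent is only safe here because version is an immutable digest`.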
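--- /dev/null
+++ b/findings
@@ -0,0 +1,13 @@
+**Warning** Missing fallback target ctfe.pub, skipping
+Error: signing [quay.io/tdalton/tuf_server@sha256:c1b5466d3210ebc67ba12f99b9717e33c7c911a9a27ff2e19e4e96492b2f32a4]: getting signer: getting key from Fulcio: getting CTFE public keys: no matching targets by custom metadata, fallbacks not found: ctfe.pub
+main.go:74: error during command execution: signing [quay.io/tdalton/tuf_server@sha256:c1b5466d3210ebc67ba12f99b9717e33c7c911a9a27ff2e19e4e96492b2f32a4]: getting signer: getting key from Fulcio: getting CTFE public keys: no matching targets by custom metadata, fallbacks not found: ctfe.pub
+[tdalton@fedora sigstore-ocp]$
+
+
+tuf_Server Issues
+
+rekor server unknown command "serve"
+
+
+6957a1ec319e53dbc5446ddc82c53a4274350198a24479c3d9b828979904ae78985d4dcb26afeae3e26506041c2eabe7402ed0ce2697dd1e9dde01eab5cecccc
+ctfe.pub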
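Review bot: `findings` reads as pasted terminal scratch output (a shell prompt line, cosign error text and an unlabelled 128-character hex value followed by `ctfe.pub`) and is unrelated to the pull-policy change in the commit title. Together with the empty `root.json` added at the repository root, it looks like working-directory residue, and I would drop both from this commit. If the notes are worth keeping, they belong in an issue or a docs file with a line saying what the hex value is; it looks like a checksum, but nothing in the file says so. An empty `root.json` is also worth removing on its own, since a zero-byte file with that name could be mistaken for a TUF root of trust by anyone reading the tree.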
Empty file added root.json
Empty file.
