-
Bug
-
Resolution: Not a Bug
-
Major
-
None
-
4.12, 4.11
-
No
-
Rejected
-
False
-
Description of problem:
Enabling Signature Verification causes rehat-marketplace image to fail signature checks, leaving the image unable to be pulled and launched on the cluster.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Follow https://docs.openshift.com/container-platform/4.12/security/container_security/security-container-signature.html#containers-signature-verify-enable_security-container-signature to enable Signature Verification on cluster master and worker nodes.
2. "oc describe pod <$redhat-marketplace-pod>" or "oc get events -n openshift-marketplace" to view the errors.
3.
Actual results:
Normal Pulling 3s (x2 over 18s) kubelet Pulling image "registry.redhat.io/redhat/community-operator-index:v4.12"
Warning Failed 1s (x2 over 16s) kubelet Failed to pull image "registry.redhat.io/redhat/community-operator-index:v4.12": rpc error: code = Unknown desc = copying system image from manifest list: Source image rejected: Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"1AC4971355A34A82", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.December, 21, 17, 20, 0, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}
Warning Failed 1s (x2 over 16s) kubelet Error: ErrImagePull
Expected results:
Container redhat-marketplace runs without failing signature verifications checks.
Additional info:
- is related to
-
-
- Closed
-
