running gcr.io/kritis-test1/kritis-vuln-signer with gke binary auth


brent....@baldey.net

Jan 28, 2020, 7:52:32 PM
to Kritis users
Hi there

I'm trying to follow these guides https://cloud.google.com/binary-authorization/docs/vulnerability-scanning & https://github.com/grafeas/kritis/blob/master/docs/signer_install.md to create an image security policy that does not allow high security vulnerability images to be deployed to a GKE cluster (v1.14.8-gke.18) with Binary Auth enabled.
I have created everything in the Google doc up to setting up the kritis signer, and that's where I'm having a problem. I'm running image gcr.io/kritis-test1/kritis-vuln-signer:4a36a68bbd160f59f539c23051d0c8559de7baa1 within the cluster but it's throwing errors that aren't obvious to me:

I0129 00:43:25.962917       1 main.go:67] {"name":"projects/my-sandbox/occurrences/b66a896f-92e5-4f3d-9376-7965e3183c76","kind":"DISCOVERY","notificationTime":"2020-01-29T00:40:47.976975Z"}
E0129 00:43:25.963388       1 main.go:56] Error signing: rpc error: code = InvalidArgument desc = occurrence name must be in the form "projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]", got ""
E0129 00:43:25.964673       1 main.go:56] Error signing: rpc error: code = InvalidArgument desc = occurrence name must be in the form "projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]", got ""
E0129 00:43:25.965094       1 main.go:56] Error signing: rpc error: code = InvalidArgument desc = occurrence name must be in the form "projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]", got ""
I0129 00:43:25.966678       1 main.go:67] {"name":"projects/my-sandbox/occurrences/172e517b-e743-446b-b2d7-12f13131b417","kind":"DISCOVERY","notificationTime":"2020-01-29T00:41:02.083948Z"}

Is anyone able to help me try and debug what I have done wrong or point me to docs that might help? I assume I have missed some config somewhere defining projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] but can't work out where that may be.
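
A triage sketch for the log excerpt above, added here as an example (it is not part of the original post and is not Kritis code): it checks each notification's occurrence name against the form quoted in the error and counts the signing errors that report an empty name. The names `Triage` and `Summary` are hypothetical; the sample input is the five log lines from the post.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Sample input: the five signer log lines quoted in the post above.
const sampleLog = `
I0129 00:43:25.962917       1 main.go:67] {"name":"projects/my-sandbox/occurrences/b66a896f-92e5-4f3d-9376-7965e3183c76","kind":"DISCOVERY","notificationTime":"2020-01-29T00:40:47.976975Z"}
E0129 00:43:25.963388       1 main.go:56] Error signing: rpc error: code = InvalidArgument desc = occurrence name must be in the form "projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]", got ""
E0129 00:43:25.964673       1 main.go:56] Error signing: rpc error: code = InvalidArgument desc = occurrence name must be in the form "projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]", got ""
E0129 00:43:25.965094       1 main.go:56] Error signing: rpc error: code = InvalidArgument desc = occurrence name must be in the form "projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]", got ""
I0129 00:43:25.966678       1 main.go:67] {"name":"projects/my-sandbox/occurrences/172e517b-e743-446b-b2d7-12f13131b417","kind":"DISCOVERY","notificationTime":"2020-01-29T00:41:02.083948Z"}
`

var (
	// glog prefix: severity+MMDD, time, thread id, "file:line]", then the message.
	glogLine = regexp.MustCompile(`^([IWEF])\d{4} [\d:.]+\s+\d+ \S+:\d+\] (.*)$`)
	// Resource-name form quoted in the error text.
	occName = regexp.MustCompile(`^projects/[^/]+/occurrences/[^/]+$`)
	// The value the API reports it actually received.
	gotName = regexp.MustCompile(`got "([^"]*)"$`)
)

// Summary is a hypothetical result type for this example.
type Summary struct{ ValidNotifications, BadNotifications, EmptyNameErrors int }

// Triage separates well-formed notifications from signing errors with an empty name.
func Triage(log string) Summary {
	var s Summary
	for _, line := range strings.Split(log, "\n") {
		m := glogLine.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			continue // not a glog line
		}
		sev, msg := m[1], m[2]
		if sev == "I" && strings.HasPrefix(msg, "{") {
			var n struct{ Name string }
			if json.Unmarshal([]byte(msg), &n) == nil && occName.MatchString(n.Name) {
				s.ValidNotifications++
			} else {
				s.BadNotifications++
			}
		} else if g := gotName.FindStringSubmatch(msg); sev == "E" && g != nil && g[1] == "" {
			s.EmptyNameErrors++
		}
	}
	return s
}

func main() { fmt.Printf("%+v\n", Triage(sampleLog)) }
```

On the posted lines, both notifications carry a well-formed occurrence name, while all three signing errors report an empty one.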


Qifan Pu

Jan 28, 2020, 10:50:10 PM
to brent....@baldey.net, Kritis users
Hi Brent,

Thanks for reporting this.
At first glance, it looks like the issue is related to a recent change of the noteReference format (https://github.com/grafeas/kritis/pull/438).
Can you create an issue? I'll follow up on that to address the problem.

Best,
Qifan

--
You received this message because you are subscribed to the Google Groups "Kritis users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kritis-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kritis-users/7b49692e-923b-4cb0-ba80-a304cd85366e%40googlegroups.com.

brent....@baldey.net

Jan 29, 2020, 1:06:53 PM
to Kritis users
Thanks for the response, I have created https://github.com/grafeas/kritis/issues/462 for it.

