This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

binary Authorization not working

Posted on 05-19-2023 06:14 AM
akbindhani
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

attestation in cloud build executed , but the binary authorisation making it block instead of deploying it ,below the deploy error occurs repeatedly, i have give allow policy in in namespace with attestor but it still  not working.

admission webhook "imagepolicywebhook.image-policy.k8s.io" denied the request: Image gcr.io/project_id/test-nodejs:3717648b21e6d00b7f2db9054df392e303ff6c2f denied by Binary Authorization Kubernetes namespace admission rule for in-uat. Image gcr.io/project_id/test-nodejs:3717648b21e6d00b7f2db9054df392e303ff6c2f denied by attestor projects/project_id/attestors/Binary-cloud-key: Expected digest with sha256 scheme, but got tag or malformed digest.

deployment is working fine without policy, whenever  policy set it's not deploying

anyone suggest me to resolve issue. 

 

  

0 1 1,106
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Marramirez
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

Hi @akbindhani,

Welcome to the Google Cloud Community!

The error "Expected digest with sha256 scheme, but got tag or malformed digest" happens when there is no attestation available for the image. 

For every image you want to deploy, you have to sign it with the private key for the binary authorization to approve and deploy.

Try looking into Security best practices in GKE as it might help you with your case. You can also get in touch with Google Cloud Support if the above option doesn't work.

Let me know if it helped, thanks!

0 Likes
Top Solution Authors
View all