Create a secret with the credentials to authenticate to a private image registry from which to download the trivy-checks image. Something like:
kubectl create secret generic trivy-operator -n trivy-system --from-literal=policies.bundle.oci.user=<registryuser> --from-literal=policies.bundle.oci.password=<registrypass>
{"level":"error","ts":"2024-12-06T15:13:16Z","logger":"policyLoader.Get misconfig bundle policies","msg":"failed to load policies","error":"failed to download policies: failed to download built-in policies: download error: OCI repository error: 3 errors occurred:\n\t* GET https://REDACTED/aquasecurity/trivy-checks/manifests/0: MANIFEST_UNKNOWN: Failed to fetch \"0\"\n\t* GET https://REDACTED/aquasecurity/trivy-checks/manifests/0: MANIFEST_UNKNOWN: Failed to fetch \"0\"\n\t* GET https://REDACTED: DENIED: Unauthenticated request. Unauthenticated requests do not have permission \"artifactregistry.repositories.downloadArtifacts\" on resource \"REDACTED\" (or it may not exist)\n\n", ...
What did you expect to happen:
It seems the request is not authenticated. I expect the request to use the configured credentials.
Anything else you would like to add:
I checked if the trivy-operator secret is mounted by the trivy-operator pod but it's not the case. I also tried to mount the trivy-operator secret as env on the pod but the issue persists.
I verified the credentials locally (with docker login) and I can confirm they work.
Environment:
Trivy-Operator version: 0.24.1
Kubernetes version: 1.29.2 (GKE)
Registry is GCP artifact registry
What steps did you take and what happened:
kubectl create secret generic trivy-operator -n trivy-system --from-literal=policies.bundle.oci.user=<registryuser> --from-literal=policies.bundle.oci.password=<registrypass>
policiesBundle.existingSecret: true
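Added example, not part of the original report or of the trivy-operator code base: a small triage helper that parses an operator JSON log line like the one above and separates the registry error codes, so an unauthenticated request can be told apart from a missing tag. The sample line is constructed from the report's log with a placeholder host, and the verdict names are this example's own.

```python
import json
import re
from collections import Counter

# Constructed sample modelled on the log line in the report; the host is a placeholder.
HOST = "https://registry.example.invalid"
SAMPLE = json.dumps({
    "level": "error",
    "logger": "policyLoader.Get misconfig bundle policies",
    "msg": "failed to load policies",
    "error": "failed to download policies: download error: OCI repository error: "
             "3 errors occurred:\n"
             f"\t* GET {HOST}/aquasecurity/trivy-checks/manifests/0: "
             'MANIFEST_UNKNOWN: Failed to fetch "0"\n'
             f"\t* GET {HOST}/aquasecurity/trivy-checks/manifests/0: "
             'MANIFEST_UNKNOWN: Failed to fetch "0"\n'
             f"\t* GET {HOST}: DENIED: Unauthenticated request. Unauthenticated "
             'requests do not have permission "artifactregistry.repositories.'
             'downloadArtifacts" on resource "REDACTED" (or it may not exist)\n\n',
})

# One "* GET <url>: <CODE>: <detail>" entry per failed registry request.
ENTRY = re.compile(r"\*\s+(?:GET|HEAD)\s+(\S+?):\s+([A-Z_]+):\s+(.*)")
TAG = re.compile(r"/manifests/([^/\s]+)$")


def triage(line):
    """Classify the registry errors carried in one operator JSON log line."""
    record = json.loads(line)
    entries = ENTRY.findall(record.get("error", ""))
    codes = Counter(code for _, code, _ in entries)
    tags = sorted({m.group(1) for url, _, _ in entries if (m := TAG.search(url))})
    # "Unauthenticated request" is the registry's wording in the report's log.
    anonymous = any(code in ("DENIED", "UNAUTHORIZED") and "unauthenticated" in detail.lower()
                    for _, code, detail in entries)
    if anonymous:
        verdict = "unauthenticated-request"
    elif codes["DENIED"] or codes["UNAUTHORIZED"]:
        verdict = "access-denied"
    elif codes["MANIFEST_UNKNOWN"]:
        verdict = "tag-or-artifact-missing"
    else:
        verdict = "other"
    return {"verdict": verdict, "codes": dict(codes), "tags": tags}


if __name__ == "__main__":
    print(triage(SAMPLE))
```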