105. Kubewarden 策略服务器因 Rekor 密钥错误而崩溃
Environment 环境
SUSE Rancher Prime: v2.11.2
SUSE 牧场主至尊:v2.11.2
Kubewarden-controller: v5.5.0
Kubewarden-controller: v5.5.0
Kubewarden-defaults: v3.5.0
Kubewarden-defaults: v3.5.0
Situation 地理位置
- Kubewarden policy servers are crashing with the error:
Kubewarden 策略服务器因以下错误而崩溃:
"Cannot fetch Rekor keys from TUF repository TufMetadataError("Did not find exactly 1 active Rekor key")".- The issue occurs after a certain period without any known updates to Kubewarden.
这个问题发生在一段时间没有已知 Kubewarden 更新之后。
Resolution 结局
- This is a known bug, as mentioned in the Kubewarden policy server issue #1300.
这是一个已知的 bug,正如 Kubewarden 策略服务器问题 #1300 中提到的。 - A fix has been implemented in policy server version 1.29.1+ to handle Sigstore init failures gracefully.
在策略服务器版本 1.29.1+ 中已实现修复,以优雅地处理 Sigstore 初始化失败。 - With the fix in place, the policy server will no longer panic when something is wrong with Sigstore's TUF repository; it will simply inform the user that verification capabilities are not going to work at their full potential.
修复完成后,策略服务器在 Sigstore 的 TUF 仓库出现问题时不会再慌乱;它只是会通知用户验证功能无法发挥全部作用。 - Refer to the release notes for more details.
详情请参阅发布说明 。
Cause 病因
- The crash happens because the policy server fails to fetch Rekor keys from the Sigstore TUF repository.
崩溃是因为策略服务器未能从 Sigstore TUF 仓库获取 Rekor 密钥。 - In the affected Kubewarden version, these failures are not handled properly, resulting in the policy server crashing continuously.
在受影响的 Kubewarden 版本中,这些故障未能得到妥善处理,导致策略服务器持续崩溃。
访问Rancher-K8S解决方案博主,企业合作伙伴 :
https://blog.csdn.net/lidw2009