You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the attestation exists in the OCI registry, it validates it and either allows or denies the admission. But if the attestation does not exist at all, it allows the pod admission. I would have thought it should reject the pod admission given it does not have the attestation. what is the explanation behind this design and any way to override it so if an attestation does not exist, pod admission should be rejected?
The text was updated successfully, but these errors were encountered:
If I have a Kyverno cluster policy for the admission controller that has for example the following attestation requirements:
If the attestation exists in the OCI registry, it validates it and either allows or denies the admission. But if the attestation does not exist at all, it allows the pod admission. I would have thought it should reject the pod admission given it does not have the attestation. what is the explanation behind this design and any way to override it so if an attestation does not exist, pod admission should be rejected?
The text was updated successfully, but these errors were encountered: