[Bug] verifyImages with autogen rules doesn't work for pods with 2+ containers #7651
Closed
2 tasks done
Labels
Milestone
Kyverno Version
1.10.1
Kubernetes Version
1.26.x
Kubernetes Platform
KinD
Kyverno Rule Type
verifyImages
Description
When using verifyImages, with pod autogen rules, updates to Deployments (and other controllers) with 2+ containers fail, even though each image is independently verifiable.
Disabling autogen rules with allows the apply to succeed and updated pods to be created.
In our production environment (EKS + Istio + ArgoCD), we get a slightly different error:
Though I've been unable to reproduce this specific error locally.
Steps to reproduce
kind create cluster --name kyverno --config kind.yaml
helm install kyverno kyverno/kyverno -n kyverno --create-namespace
kubectl apply -f deployment.k8s.yaml
single-
deployments, proving each image is can be verifieddouble
deployment with 2 containers which will break laterkubectl apply -f deployment-updated.k8s.yaml
double
to a different, previously verified imagekind.yaml:
clusterpolicy.k8s.yaml
deployment.k8s.yaml
deployment-updated.k8s.yaml
Expected behavior
Updated manifest to apply successfully
Screenshots
No response
Kyverno logs
Slack discussion
No response
Troubleshooting
The text was updated successfully, but these errors were encountered: