Failed calling webhook

[rkydx]

Hello,
Recently we have done the setup of Connaisseur along with Cosign for signing images in our firm.
Today I was doing some test for pods as part of testing. While creating pod with signed image from Cosign and pod without sign. I am getting some error as below -

Errors:

For signed image:
Error from server (InternalError): erro when creating "STDIN": Internal error occurred: failed calling webhook "connaisseur-svc.connaisseur.svc": failed to call webhook: Post "https://connaisseur-svc.connaisseur.svc:443/mutate?timeout=30s": net/http: request canceled (Client.Timeout exceeded while awaiting headers)

For unsigned image:
Error from server (InternalError): error when creating "STDIN": Internal error occurred: failed calling webhook "connaisseur-svc.connaisseur.svc": failed to call webhook: Post "https://connaisseur-svc.connaisseur.svc:443/mutate?timeout=30s": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

It will be of great help if I can get some idea how to resolve this error.

[phbelitz]

It seems that Connaisseur takes too long to do the signature verification. It has max 30 seconds to do so, as this is the max amount Kubernetes allows and at some point during that time Connaisseur gets stuck in your case.

Maybe try to check the logs and see where Connaisseur gets stuck to find the culprit. Also consider enabling debug mode (set debug field inside the helm values.yaml).