0

I'm trying to install CAM through ICP, but I am constantly getting this error:

json error: 
Object { message: "Internal service error : rpc error: code = Unknown desc = 
release cam failed: Internal error occurred: admission webhook 
\"trust.hooks.securityenforcement.admission.cloud.ibm.com\" denied the 
request: \nDeny \"docker.io/store/ibmcorp/icam-bpd-cds:3.1.0.0-x86_64\", no 
matching repositories in ClusterImagePolicy and no ImagePolicies in the 
\"services\" namespace", statusCode: 500 }
reducerCatalogDetails.js:255:8

Does anyone know why this internal service error is occurring?

Y. Ro
  • 3
  • 3

2 Answers2

0

create a imagepolicy.yaml file: 

apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1
kind: ImagePolicy
metadata:
  name: image-policy
spec:
  repositories:
  - name: "docker.io/store/ibmcorp/*"
    policy: null

and kubectl apply -f imagepolicy.yaml -n services

Partha Kaushik
  • 28
  • 3
  • Thank you, Partha. When I try to apply the imagepolicy.yaml, I'm getting this issue: error: unable to recognize "imagepolicy.yaml": Unauthorized – Y. Ro Oct 03 '18 at 17:54
  • You may do it thru the UI: **https://:8443/console/manage/resourcesecurity/imagepolicies** Create a new image-policy with scope services and add the docker.io/store/ibmcorp/* to the repos list for this policy – Partha Kaushik Oct 03 '18 at 18:51
  • Thanks Partha, I did that and got CAM helm deployed. – Y. Ro Oct 03 '18 at 21:23
0

IBM Container Image Security Enforcement - see https://www.ibm.com/support/knowledgecenter/SSBS6K_3.1.0/manage_images/image_security.html for detailed explanation.

Can create or extend existing policies - ImagePolicy or ClusterImagePolicy depending on scope want allowed. Note : ImagePolicy overrides ClusterImagePolicy for given namespace so be careful to include all want allowed.

Nancy Heinz
  • 1
  • 1