Unable to add registry in Anchore running on kubernetes - security

I'm trying to add ECR registry in anchore that is setup in kubernetes. I created an achore-cli pod and tried to execute the below command
anchore-cli registry add /
1234567890.dkr.ecr.us-east-1.amazonaws.com /
awsauto /
awsauto /
--registry-type=awsecr
and I got the following output,
Error: 'awsauto' is not enabled in service configuration
HTTP Code: 406
Detail: {'error_codes': []}
I configured IAM Role via service account with AmazonEC2ContainerRegistryReadOnly policy. Can someone help me with this?

Related

az login error: Please ensure you have network connection. Error detail: HTTPSConnectionPool(host='login.microsoftonline.com', port=443)

Trying to install the Azure Devops CLI Extension
https://learn.microsoft.com/en-us/azure/devops/cli/?view=azure-devops
az extension add --name azure-devops
is the command I run
I get the following error message
Error Message
I have tried
git config http.sslVerify "false"
I've tried to do multiple azure cli and powershell commands
I've set my context with
Set-AzContext -Subscription "xxxx-xxxx-xxxx-xxxx"
I don't understand what the issue is here.
I've tried running the commands with and without the VPN ( I use Pulse VPN for reference)
I've tried setting powershell's execution policy to Undefined
**Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser**
If someone could please let me know their thoughts on the specific error:
Please ensure you have network connection. Error detail: HTTPSConnectionPool(host='objects.githubusercontent.com', port=443): Max retries exceeded with url: /github-production-release-asset-2e65be/107708057/665228bd-d0c3-4865-b029-624cbc247ca1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220701%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220701T163308Z&X-Amz-Expires=300&X-Amz-Signature=dd9381d3d71deeb228b151ec41140e8238f425ca9bf2882889c6bc9592c782e6&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=107708057&response-content-disposition=attachment%3B%20filename%3Dazure_devops-0.25.0-py2.py3-none-any.whl&response-content-type=application%2Foctet-stream (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))
I've seen the post here Azure CLI Error and it was of no help
We have tried the same at our local to install the azure devops extension and it works successfully by following the MS DOC as given in question.
Here are the workaround we followed;
az login
Select-AzSubscription -Subscription subscriptionID
And it has been logged in successfully:-
After then installing az extension add --name azure-devops and it works.
Below are az --version we used ;
NOTE:- For the error make sure that you are using the latest version of az cli and enabled the port in your local (Windows security> Advance settings> Inbound Rule> add new rule then add your required port (443) and enable the same).
For configuration details here : How to open port in windows firwall .
For more information please refer the below links:-
Similar SO THREAD|Why Azure CLI login fails? "Connection actively refused" & az login command fails - Azure cli .
BLOG| MICROSOFT TECHNET .

Fetch secrets and certificates from AzureKeyVault inside Docker container

I have a .net framework console application. Inside this application, I'm fetching secrets and certificates from keyvault using tenantId, client Id and Client Secret.
Application is fetching secrets and certificates properly.
Now I have containerized the application using Docker. After running the image I'm unable to fetch secrets and certificates. I'm getting below error:
" Retry failed after 4 tries. Retry settings can be adjusted in ClientOptions.Retry. (No such host is known.) (No such host is known.) (No such
host is known.) (No such host is known.)"
To resolve the error, please try the following workarounds:
Check whether your container was setup behind an nginx reverse proxy.
If yes, then try removing the upstream section from the nginx reverse proxy and set proxy_pass to use docker-compose service's hostname.
After any change make sure to restart WSL and Docker.
Check if DNS is resolving the host names successfully or not, otherwise try adding the below in your docker-compose.yml file.
dns:
- 8.8.8.8
Try removing auto generated values by WSL in /etc/resolv.conf and add DNS like below if above doesn't work.
# [network]
# generateResolvConf = false
nameserver 8.8.8.8
Try restarting the WSL by running below command as an Admin:
Restart-NetAdapter -Name "vEthernet (WSL)"
Try installing a Docker Desktop update as a workaround.
For more in detail, please refer below links:
Getting "Name or service not known (login.microsoftonline.com:443)" regularly, but occasionally it succeeds? · Discussion #3102 · dotnet/dotnet-docker · GitHub
ssl - How to fetch Certificate from Azure Key vault to be used in docker image - Stack Overflow

az login using managed identity fails in az pipeline

When I run the pipeline on AKS and run az login --identity it gives me an error as below. What should I do to fix this issue.
AzureResponseError: Failed to connect to MSI. Please make sure MSI is configured correctly. Get Token request returned http error: 400, reason: Bad Request

Invalid CORS request: JHipster registry on Azure webapp

I am trying to deploy default Jhipster-registry executable Jar file on Azure webapp. The applications starts and I can see the login page. However, when I put username/password and hit submit, I get error:Invalid CORS request (403 forbidden)
I see that api/authenticate service is called. I also tried to deploy default docker image on azure webapp with docker. It also gives exactly same issue.
Basically I want to deploy Jhipster microservices along with the registry on Azure webapps because I am used to it. I expect that being normal Spring boot web application, it should be possible to achieve this.
Any help is appreciated.
regards,
Venky
Try modifying the "application-dev.yml" file.
Comment all lines related to "CORS"
# CORS is only enabled by default with the "dev" profile
# cors:
# Allow Ionic for JHipster by default (* no longer allowed in Spring Boot 2.4+)
# allowed-origins: 'http://localhost:8100,https://localhost:8100,http://localhost:9000,https://localhost:9000,http://localhost:4200,https://localhost:4200'
# Enable CORS when running in GitHub Codespaces
# allowed-origin-patterns: 'https://*.githubpreview.dev'
# allowed-methods: '*'
# allowed-headers: '*'
# exposed-headers: 'Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params'
# allow-credentials: true
# max-age: 1800
Or if you prefer include your deploy location in "allowed-origin-patterns:".
In my case I added gitpod.
allowed-origin-patterns: 'https://*.githubpreview.dev,https://*.gitpod.io'

Can't annotate secret for OpenShift private git repo deployment

I tried to follow this guide on deploying an app on OpenShift from my private repository on GitLab. I tried using an SSH authentication key as a deploy key, GitLab personal access token with api scope and entering my GitLab credentials directly.
I've been failing at the step of adding annotation with repository URI to the secret using this command.
$ oc annotate secret/mysecretname \
'build.openshift.io/source-secret-match-uri-1=https://gitlab.com/username/reponame.git'
I'm getting the following error as a result.
error: at least one annotation update is required
See 'oc annotate -h' for help and examples.
build.openshift.io/source-secret-match-uri-1=https://gitlab.com/username/reponame.git
Result of oc version is as follows, matching the server version shown both in cli and on the about page in the OpenShift web console.
oc v3.10.9
kubernetes v1.10.0+b81c8f8
features: Basic-Auth
Server https://api.starter-us-east-1.openshift.com:443
openshift v3.10.9
kubernetes v1.10.0+b81c8f8

Resources