SHA1 algorithm make failed tls handshake

**What steps did you take and what happened:**
Steps:
```bash
> helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
> helm install gatekeeper/gatekeeper \
    --set enableExternalData=true \
    --name-template=gatekeeper \
    --namespace gatekeeper-system \
    --create-namespace
> git clone https://github.com/open-policy-agent/gatekeeper-external-data-provider.git
> cd external-data-provider
> export NAMESPACE=provider-system
> ./scripts/generate-tls-cert.sh
> make docker-buildx
> make kind-load-image
> helm install external-data-provider charts/external-data-provider \
    --set clientCAFile="" \
    --set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \
    --namespace "${NAMESPACE:-gatekeeper-system}" \
    --create-namespace
> kubectl apply -f validation/external-data-provider-constraint-template.yaml
> kubectl apply -f validation/external-data-provider-constraint.yaml
> kubectl run nginx --image=error_nginx --dry-run=server -ojson
```

And got the error:
`Error from server (Forbidden): admission webhook "validation.gatekeeper.sh" denied the request: [deny-images-with-invalid-suffix] invalid response: {"errors": null, "responses": null, "status_code": 500, "system_error": "failed to send external data request: Post \"https://external-data-provider.gatekeeper-system:8090\": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of \"x509: cannot verify signature: insecure algorithm SHA1-RSA (temporarily override with GODEBUG=x509sha1=1)\" while trying to verify candidate authority certificate \"Gatekeeper Root CA\")"}`

**What did you expect to happen:**
Correct evaluation from the image.

`Error from server (Forbidden): admission webhook "validation.gatekeeper.sh" denied the request: [deny-images-with-invalid-suffix] invalid response: {"errors": [["error_nginx", "error_nginx_invalid"]], "responses": [], "status_code": 200, "system_error": ""}`

**Anything else you would like to add:**
[Miscellaneous information that will assist in solving the issue.]


**Environment:**

- Gatekeeper version: v3.13.0-beta.1
- External Data API version: 
- Kubernetes version: (use `kubectl version`): 
```
Client Version: version.Info{
   Major:"1", Minor:"23", GitVersion:"v1.23.6", GitCommit:"ad3338546da947756e8a88aa6822e9c11e7eac22", 
   GitTreeState:"clean", BuildDate:"2022-04-14T08:49:13Z", GoVersion:"go1.17.9", Compiler:"gc", 
   Platform:"darwin/amd64"}
Server Version: version.Info{
   Major:"1", Minor:"27", GitVersion:"v1.27.1", GitCommit:"4c9411232e10168d7b050c49a1b59f6df9d7ea4b", 
   GitTreeState:"clean", BuildDate:"2023-05-12T19:03:40Z", GoVersion:"go1.20.3", Compiler:"gc", 
   Platform:"linux/amd64"}
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SHA1 algorithm make failed tls handshake #24

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

SHA1 algorithm make failed tls handshake #24

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions