portal-tts: docker.io/ prefix on edge-tts image (Kyverno trusted-registries)
All checks were successful
ci/woodpecker/push/default Pipeline was successful
All checks were successful
ci/woodpecker/push/default Pipeline was successful
The edge-tts apply was blocked by the require-trusted-registries Kyverno policy —
a bare `travisvn/openai-edge-tts` isn't in the allowlist. The policy blanket-
trusts `docker.io/*`, so prefixing the image with `docker.io/` passes admission
with no policy change. Verified live: bg synth round-trips through Whisper
verbatim and a full gateway /v1/talk bg turn returns a coherent spoken Bulgarian
reply ("Добър ден! Добре съм, благодаря!...").
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
ab55cb5dcd
commit
605cf99a1b
1 changed files with 3 additions and 1 deletions
|
|
@ -43,7 +43,9 @@ variable "edge_tts_image" {
|
||||||
# bundles ffmpeg so response_format=wav (PCM16) works. Floating tag (no semver
|
# bundles ffmpeg so response_format=wav (PCM16) works. Floating tag (no semver
|
||||||
# discipline upstream) — the namespace is Keel-enrolled so digest bumps roll in
|
# discipline upstream) — the namespace is Keel-enrolled so digest bumps roll in
|
||||||
# automatically; TF owns only the tag string.
|
# automatically; TF owns only the tag string.
|
||||||
default = "travisvn/openai-edge-tts:latest-ffmpeg"
|
# docker.io/ prefix is REQUIRED: Kyverno require-trusted-registries blanket-
|
||||||
|
# trusts docker.io/* but a bare `travisvn/...` is unenumerated → blocked.
|
||||||
|
default = "docker.io/travisvn/openai-edge-tts:latest-ffmpeg"
|
||||||
description = "openai-edge-tts image (ffmpeg variant — needed for wav output)."
|
description = "openai-edge-tts image (ffmpeg variant — needed for wav output)."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue