nirmata / kyverno-notation-aws

Kyverno extension service for Notation and the AWS signer
Apache License 2.0

AWS blog guide ain't updated accordingly to current situation in a repository #133

Open vponoikoait opened 9 months ago

vponoikoait commented 9 months ago

source: https://github.com/nirmata/kyverno-notation-aws/issues/124 The AWS blog guide isn't updated to match the current state of the repository, as the processing changed:

              - key: images
                value: "{{ request.object.spec.[ephemeralContainers, initContainers, containers][].image }}"

This doesn't work anymore, which may cause further confusion for whoever tries to implement it and provides a bad user experience. More details: https://aws.amazon.com/blogs/containers/announcing-container-image-signing-with-aws-signer-and-amazon-eks/ From my side, it was initially assumed this would work, but it created a lot of confusion and cost a lot of time to get a working PoC.

vishal-chdhry commented 9 months ago

Thanks @vponoikoait for opening these issues, I will fix them as soon as I can

vishal-chdhry commented 9 months ago

@vponoikoait, That blog was published when this service was in early stages and we added a lot of features after that. Unfortunately, some of those required us to break backwards compatibility with 0.x alpha versions. You can follow this blog: https://nirmata.com/2023/11/20/verifying-images-and-attestations-using-aws-signer-notation-and-kyverno/

We will see if we can get that AWS blog updated

vponoikoait commented 9 months ago

@vishal-chdhry, would you be kind enough to mention there that the current auth requires Kyverno to stay in the kyverno namespace and to have a specific SA name, so nobody gets confused? Referencing: https://github.com/nirmata/kyverno-notation-verifier/issues/27

vponoikoait commented 9 months ago

It would also be worth mentioning that this is available since Kyverno version 1.10+, when service calls became a thing.
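The thread above concerns two things: the old `request.object.spec.[...]` JMESPath snippet from the AWS blog no longer working, and the fact that the extension is reached through a Kyverno 1.10+ service call. The policy below is an added illustration of that service-call shape, written for this page; it is not code from the thread, the AWS blog, or the kyverno-notation-aws project. The `context.apiCall` fields (`method`, `data`, `service.url`, `service.caBundle`) and the `{{ images }}` built-in variable are standard Kyverno 1.10+ features; the service URL, the `caBundle` contents, and the `verified` field in the response are assumptions and must be replaced with what your deployed extension actually exposes.

```yaml
# Added example: a Kyverno ClusterPolicy that forwards the images of an
# admitted Pod to an external verification service via a service call
# (Kyverno 1.10+). Not taken from the thread or the project's docs.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: check-images-via-extension
spec:
  validationFailureAction: Enforce   # block Pods whose images fail verification
  webhookTimeoutSeconds: 30          # signature checks call out to the network
  failurePolicy: Fail                # fail closed if the extension is unreachable
  background: false                  # service calls are evaluated at admission time
  rules:
    - name: call-image-verifier
      match:
        any:
          - resources:
              kinds:
                - Pod
      context:
        - name: response
          apiCall:
            method: POST
            # {{ images }} is Kyverno's built-in map of all container images
            # (initContainers, containers, ephemeralContainers); it replaces the
            # hand-written request.object.spec.[...] JMESPath from the old blog.
            data:
              - key: images
                value: "{{ images }}"
            service:
              # ASSUMPTION: in-cluster URL of the extension service. Adjust to
              # the Service name/namespace you deployed.
              url: https://svc.kyverno-notation-aws/checkimages
              # ASSUMPTION: CA that signed the extension's serving certificate.
              caBundle: |-
                -----BEGIN CERTIFICATE-----
                REPLACE-WITH-YOUR-CA-CERTIFICATE
                -----END CERTIFICATE-----
      validate:
        message: "image signature verification failed: {{ response }}"
        deny:
          conditions:
            all:
              # ASSUMPTION: the service answers with a boolean `verified` field.
              - key: "{{ response.verified }}"
                operator: NotEquals
                value: true
```

Two practical checks follow from the thread: confirm with `kubectl get clusterpolicy check-images-via-extension -o yaml` that the policy was admitted (a Kyverno release older than 1.10 rejects the `service` block), and make sure the Kyverno admission controller runs in the namespace and with the ServiceAccount the extension's auth expects (see the linked kyverno-notation-verifier issue), otherwise every call fails closed and all Pods are denied.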