AWS blog guide ain't updated accordingly to current situation in a repository

[vponoikoait]

source: #124
AWS blog guide ain't updated accordingly to current situation in a repository, as processing changed

              - key: images
                value: "{{ request.object.spec.[ephemeralContainers, initContainers, containers][].image }}"

Doesn't work anymore, which may result in confusion further for whoever tries to implement it and provide bad user experience
More details: https://aws.amazon.com/blogs/containers/announcing-container-image-signing-with-aws-signer-and-amazon-eks/
From my side, it was assumed initially will work, but created a lot of confusion & time in order to implement working PoC

[vishal-chdhry]

Thanks @vponoikoait for opening these issues, I will fix them as soon as I can

[vishal-chdhry]

@vponoikoait, That blog was published when this service was in early stages and we added a lot of features after that. Unfortunately, some of those required us to break backwards compatibility with 0.x alpha versions.
You can follow this blog: https://nirmata.com/2023/11/20/verifying-images-and-attestations-using-aws-signer-notation-and-kyverno/

We will see if we can get that AWS blog updated

[vponoikoait]

@vishal-chdhry would you be kind to include there that current auth requires for kyverno to stay in kyverno namespace and have specific SA name? So nobody would potentially go confused.
Referencing: nirmata/kyverno-notation-verifier#27

[vponoikoait]

It would be also a valid mentioning regarding that it's available since Kyverno version 1.10+, when service calls started to be a thing