Summary
The "Enforcing with Admission Policies" section of docs/integrator/supply-chain-verification.md shipped admission-policy examples that cannot verify AICR's GitHub Artifact Attestations as written. They were replaced with a pointer to the official current docs (PR #1528); this issue tracks adding validated, cluster-tested copy-paste examples.
What was wrong
- Kyverno used the legacy Cosign attestation format. GitHub Artifact Attestations are Sigstore bundles; Kyverno verifies them with
type: SigstoreBundle (see Kyverno's "Verifying Sigstore Bundles" guide).
- Sigstore Policy Controller pinned
v0.10.0, but Sigstore-bundle support arrived in v0.13.0 and requires signatureFormat: bundle.
- The negative test could not be made coherent without an in-scope unsigned image under a namespace the author controls; the namespace was also not consistently used for both the enablement label and
kubectl run -n.
Ask
Add validated examples (tested against a real cluster):
- Kyverno
ClusterPolicy using type: SigstoreBundle + the build-provenance attestation, pinned to a current Kyverno version.
- Sigstore Policy Controller
ClusterImagePolicy on v0.13.0+ with signatureFormat: bundle, the namespace policy.sigstore.dev/include=true label, and a coherent positive/negative test using a $NAMESPACE variable and an in-scope image the test owner controls.
Identity values to verify against: issuer https://token.actions.githubusercontent.com, subject https://github.com/NVIDIA/aicr/.github/workflows/*.
Related
Summary
The "Enforcing with Admission Policies" section of
docs/integrator/supply-chain-verification.mdshipped admission-policy examples that cannot verify AICR's GitHub Artifact Attestations as written. They were replaced with a pointer to the official current docs (PR #1528); this issue tracks adding validated, cluster-tested copy-paste examples.What was wrong
type: SigstoreBundle(see Kyverno's "Verifying Sigstore Bundles" guide).v0.10.0, but Sigstore-bundle support arrived in v0.13.0 and requiressignatureFormat: bundle.kubectl run -n.Ask
Add validated examples (tested against a real cluster):
ClusterPolicyusingtype: SigstoreBundle+ the build-provenance attestation, pinned to a current Kyverno version.ClusterImagePolicyonv0.13.0+withsignatureFormat: bundle, the namespacepolicy.sigstore.dev/include=truelabel, and a coherent positive/negative test using a$NAMESPACEvariable and an in-scope image the test owner controls.Identity values to verify against: issuer
https://token.actions.githubusercontent.com, subjecthttps://github.com/NVIDIA/aicr/.github/workflows/*.Related