Skip to content

Instantly share code, notes, and snippets.

@lukasmrtvy

lukasmrtvy/kyv-cp

Created December 14, 2023 20:47
Show Gist options
  • Save lukasmrtvy/d40bf59674fc85b92a18e88af619627a to your computer and use it in GitHub Desktop.
Save lukasmrtvy/d40bf59674fc85b92a18e88af619627a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
kyv-cp
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: replace-image-registry-docker
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: replace-image-registry-docker
match:
any:
- resources:
kinds:
- Pod
preconditions:
all:
- key: "{{request.operation || 'BACKGROUND'}}"
operator: AnyIn
value:
- CREATE
- UPDATE
mutate:
foreach:
- list: "request.object.spec.containers"
context:
- name: imageData
imageRegistry:
reference: "{{ element.image }}"
preconditions:
all:
- key: "{{imageData.registry}}"
operator: Equals
value: "index.docker.io"
patchStrategicMerge:
spec:
containers:
- name: "{{ element.name }}"
image: "XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/registry-1.docker.io/{{imageData.repository}}:{{imageData.identifier}}"
- name: replace-image-registry-initcontainers-docker
match:
any:
- resources:
kinds:
- Pod
preconditions:
all:
- key: "{{request.operation || 'BACKGROUND'}}"
operator: AnyIn
value:
- CREATE
- UPDATE
- key: "{{ request.object.spec.initContainers[] || '' | length(@) }}"
operator: GreaterThanOrEquals
value: 1
mutate:
foreach:
- list: "request.object.spec.initContainers"
context:
- name: imageData
imageRegistry:
reference: "{{ element.image }}"
preconditions:
all:
- key: "{{imageData.registry}}"
operator: Equals
value: "index.docker.io"
patchStrategicMerge:
spec:
initContainers:
- name: "{{ element.name }}"
image: "XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/registry-1.docker.io/{{imageData.repository}}:{{imageData.identifier}}"
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: replace-image-registry-k8s
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: replace-image-registry-k8s
match:
any:
- resources:
kinds:
- Pod
preconditions:
all:
- key: "{{request.operation || 'BACKGROUND'}}"
operator: AnyIn
value:
- CREATE
- UPDATE
mutate:
foreach:
- list: "request.object.spec.containers"
context:
- name: imageData
imageRegistry:
reference: "{{ element.image }}"
preconditions:
all:
- key: "{{imageData.registry}}"
operator: Equals
value: "registry.k8s.io"
patchStrategicMerge:
spec:
containers:
- name: "{{ element.name }}"
image: "XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/registry.k8s.io/{{imageData.repository}}:{{imageData.identifier}}"
- name: replace-image-registry-initcontainers-k8s
match:
any:
- resources:
kinds:
- Pod
preconditions:
all:
- key: "{{request.operation || 'BACKGROUND'}}"
operator: AnyIn
value:
- CREATE
- UPDATE
- key: "{{ request.object.spec.initContainers[] || '' | length(@) }}"
operator: GreaterThanOrEquals
value: 1
mutate:
foreach:
- list: "request.object.spec.initContainers"
context:
- name: imageData
imageRegistry:
reference: "{{ element.image }}"
preconditions:
all:
- key: "{{imageData.registry}}"
operator: Equals
value: "registry.k8s.io"
patchStrategicMerge:
spec:
initContainers:
- name: "{{ element.name }}"
image: "XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/registry.k8s.io/{{imageData.repository}}:{{imageData.identifier}}"
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: replace-image-registry-quay
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: replace-image-registry-quay
match:
any:
- resources:
kinds:
- Pod
preconditions:
all:
- key: "{{request.operation || 'BACKGROUND'}}"
operator: AnyIn
value:
- CREATE
- UPDATE
mutate:
foreach:
- list: "request.object.spec.containers"
context:
- name: imageData
imageRegistry:
reference: "{{ element.image }}"
preconditions:
all:
- key: "{{imageData.registry}}"
operator: Equals
value: "quay.io"
patchStrategicMerge:
spec:
containers:
- name: "{{ element.name }}"
image: "XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/quay.io/{{imageData.repository}}:{{imageData.identifier}}"
- name: replace-image-registry-initcontainers-quay
match:
any:
- resources:
kinds:
- Pod
preconditions:
all:
- key: "{{request.operation || 'BACKGROUND'}}"
operator: AnyIn
value:
- CREATE
- UPDATE
- key: "{{ request.object.spec.initContainers[] || '' | length(@) }}"
operator: GreaterThanOrEquals
value: 1
mutate:
foreach:
- list: "request.object.spec.initContainers"
context:
- name: imageData
imageRegistry:
reference: "{{ element.image }}"
preconditions:
all:
- key: "{{imageData.registry}}"
operator: Equals
value: "quay.io"
patchStrategicMerge:
spec:
initContainers:
- name: "{{ element.name }}"
image: "XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/quay.io/{{imageData.repository}}:{{imageData.identifier}}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment