A mutating webhook that patches Pod container images based on configuration rules. For example, if you want to transparently proxy image pulls through an internal registry, this webhook might be for you.
This webhook works best in combination with Harbor and its proxy cache feature.
It is recommended to setup a proxy cache project for every registry for which you want the webhook to replace images.
Of course this webhook also works without Harbor.
The helm chart provided in this repository can be used to deploy the webhook.
First, add the helm repository:
helm repo add pod-image-swap-webhook \
https://bonial-international-gmbh.github.io/pod-image-swap-webhookCreate a values.yaml and add a webhookConfig section with the desired
replacement configuration, for example:
---
webhookConfig:
exclude:
- prefix: k8s.gcr.io/ingress-nginx/controller
replace:
- prefix: quay.io
replacement: registry.example.org/quay.io
- prefix: k8s.gcr.io
replacement: registry.example.org/k8s.gcr.io
- prefix: docker.io
replacement: registry.example.org/docker.ioYou can find documentation for all available webhookConfig fields in
config.sample.yaml.
For more helm configuration options have a look into the values.yaml
defaults.
Finally use helm to install the webhook:
helm upgrade pod-image-swap-webhook pod-image-swap-webhook/pod-image-swap-webhook \
--install --namespace kube-system --values values.yamlThe source code of pod-image-swap-webhook is released under the MIT License. See the bundled LICENSE file for details.