Description

See kyverno/kyverno#3596

  imageExtractors: {}
    # Should be a mapping of Kind to the image extraction config for that kind.
    # Example for Tekton Tasks - https://tekton.dev/docs/pipelines/tasks/#configuring-a-task
    # Task:
    #   - name: steps
    #     fields: ["spec", "steps", "*"]
    #     value: "image"

Adds a key called imageExtractors to the kyverno config.

The top level field must be the for the GVK followed by a list of extractors.

Each extractor contains the following required properties -

• name: Name is the top level key that will identify the images extracted. The output context will contain images.<name>.<key> For eg. for pods, name is one of containers, initContainers or ephemeralContainers
• field: Path to the top level object containing the image value and key. Only valid letters are valid YAML string keys or * entries. In case of * it expands both lists and object keys. For eg. for Pod containers it looks like ["spec", "containers", ""], for Jobs it is ["spec", "template", "spec", "containers", ""]
• value: The key inside the top level field object that contains the container image URI. For eg. for pods this is "image"
• key: Optional path to field to decide the value of images.<name>.<key>. Note: key values must be unique. For eg. for Pods it is set to "name".

Slack discussion

No response