Hash lock all images #8
Description
Many of our resources only select a particular image tag; rather than an exact hash.
- Use kustomization image field to hashlock
- Check any operators for additional images they may bring in
kubectl get pods --all-namespaces -o json | jq '.items[].spec.containers[].image' | grep -v sha256 | sort -u
- digitalocean/do-csi-plugin:v4.2.0
- docker.io/cilium/cilium:v1.10.4
- docker.io/cilium/operator:v1.10.4
- docker.io/coredns/coredns:1.8.4
- docker.io/digitalocean/arp-flusher:v0.0.2
- docker.io/digitalocean/do-agent:3.11.0
- docker.io/digitalocean/do-csi-plugin:v4.4.1
- hashbang/hashbangctl
- k8s.gcr.io/sig-storage/csi-attacher:v3.5.0
- k8s.gcr.io/sig-storage/csi-provisioner:v3.2.1
- k8s.gcr.io/sig-storage/csi-resizer:v1.5.0
- k8s.gcr.io/sig-storage/csi-snapshotter:v6.0.1
- nginx:1.21.0
- quay.io/jetstack/cert-manager-cainjector:v1.11.2
- quay.io/jetstack/cert-manager-controller:v1.11.2
- quay.io/jetstack/cert-manager-webhook:v1.11.2
- registry.k8s.io/kube-proxy:v1.24.12
- registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.0
- 42wim/matterbridge:1.26.0
- drgrove/mtls-server:v0.20.0
- drgrove/wkd:v2.2.2
- eu.gcr.io/k8s-artifacts-prod/external-dns/external-dns:v0.13.4
- ghcr.io/dexidp/dex:v2.36.0-distroless
- ghcr.io/ergochat/ergo:v2.11.1
- hashbang/book:latest
- hashbang/hashbang.sh:latest
- hashbang/webirc:latest
- k8s.gcr.io/sig-storage/csi-node-driver-registrar
- k8s.gcr.io/sig-storage/snapshot-controller
- k8s.gcr.io/sig-storage/snapshot-validation-webhook
- kiwigrid/k8s-sidecar:1.24.0
- postgrest/postgrest:v11.0.1
- quay.io/argoproj/argocd:v2.7.2
- redis:7.0.11-alpine
- redis:7.0.5-alpine
- registry.k8s.io/ingress-nginx/controller:v1.7.1
- thatonecalculator/calckey:v13.1.4.1