google
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎manifests/Kptfile‎
Lines changed: 2 additions & 19 deletions b/‎manifests/Kptfile‎
Lines changed: 2 additions & 19 deletions
diff --git a/‎manifests/cluster-role-binding.yaml‎
Lines changed: 3 additions & 4 deletions b/‎manifests/cluster-role-binding.yaml‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎manifests/cluster-role.yaml‎
Lines changed: 39 additions & 40 deletions b/‎manifests/cluster-role.yaml‎
Lines changed: 39 additions & 40 deletions
diff --git a/‎manifests/deployment.yaml‎
Lines changed: 63 additions & 64 deletions b/‎manifests/deployment.yaml‎
Lines changed: 63 additions & 64 deletions
@@ -57,7 +57,7 @@ the container image. You can use digester to deploy container images by digest.
     Alternatively, you can download the latest version using these commands:
 
     ```sh
-    VERSION=v0.1.5
+    VERSION=v0.1.6
     curl -Lo digester "https://github.com/google/k8s-digester/releases/download/${VERSION}/digester_$(uname -s)_$(uname -m)"
     chmod +x digester
     ```
 
@@ -1,25 +1,8 @@
-# Copyright 2021 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 apiVersion: kpt.dev/v1
 kind: Kptfile
 metadata:
   name: digester
   annotations:
-    config.kubernetes.io/local-config: 'true'
+    config.kubernetes.io/local-config: "true"
 info:
-  description: >-
-    The digester mutating admission webhook resolves tags to digests for
-    container and init container images in Kubernetes Pod and Pod template
-    specs.
+  description: The digester mutating admission webhook resolves tags to digests for container and init container images in Kubernetes Pod and Pod template specs.
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -23,6 +22,6 @@ roleRef:
   kind: ClusterRole
   apiGroup: rbac.authorization.k8s.io
 subjects:
-- name: digester-admin
-  namespace: digester-system
-  kind: ServiceAccount
+  - name: digester-admin
+    namespace: digester-system
+    kind: ServiceAccount
@@ -11,50 +11,49 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: digester-manager-role
   labels:
     digester/system: 'yes'
 rules:
-- resources:
-  - secrets # access to imagePullSecrets
-  - serviceaccounts # access to imagepullSecrets
-  apiGroups:
-  - ''
-  verbs:
-  - get
-  - list
-  - watch
-- resources:
-  - customresourcedefinitions
-  apiGroups:
-  - apiextensions.k8s.io
-  verbs:
-  - get
-  - list
-  - watch
-- resources:
-  - mutatingwebhookconfigurations
-  apiGroups:
-  - admissionregistration.k8s.io
-  verbs:
-  - get
-  - list
-  - watch
-- resources:
-  - mutatingwebhookconfigurations
-  apiGroups:
-  - admissionregistration.k8s.io
-  resourceNames:
-  - digester-mutating-webhook-configuration
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
+  - resources:
+      - secrets # access to imagePullSecrets
+      - serviceaccounts # access to imagepullSecrets
+    apiGroups:
+      - ''
+    verbs:
+      - get
+      - list
+      - watch
+  - resources:
+      - customresourcedefinitions
+    apiGroups:
+      - apiextensions.k8s.io
+    verbs:
+      - get
+      - list
+      - watch
+  - resources:
+      - mutatingwebhookconfigurations
+    apiGroups:
+      - admissionregistration.k8s.io
+    verbs:
+      - get
+      - list
+      - watch
+  - resources:
+      - mutatingwebhookconfigurations
+    apiGroups:
+      - admissionregistration.k8s.io
+    resourceNames:
+      - digester-mutating-webhook-configuration
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -42,67 +41,67 @@ spec:
       nodeSelector:
         kubernetes.io/os: linux
       containers:
-      - name: manager
-        image: ko://github.com/google/k8s-digester # kpt-set: ${image}
-        args:
-        - webhook
-        - --cert-dir=/certs # kpt-set: --cert-dir=${cert-dir}
-        - --disable-cert-rotation=false # kpt-set: --disable-cert-rotation=${disable-cert-rotation}
-        - --dry-run=false # kpt-set: --dry-run=${dry-run}
-        - --health-addr=:9090 # kpt-set: --health-addr=:${health-port}
-        - --metrics-addr=:8888 # kpt-set: --metrics-addr=:${metrics-port}
-        - --offline=false # kpt-set: --offline=${offline}
-        - --port=8443 # kpt-set: --port=${port}
-        ports:
-        - name: webhook-server
-          protocol: TCP
-          containerPort: 8443 # kpt-set: ${port}
-        - name: metrics
-          protocol: TCP
-          containerPort: 8888 # kpt-set: ${metrics-port}
-        - name: healthz
-          protocol: TCP
-          containerPort: 9090 # kpt-set: ${health-port}
-        env:
-        - name: DEBUG
-          value: 'false' # kpt-set: ${debug}
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        resources:
-          requests:
-            cpu: 100m # kpt-set: ${request-cpu}
-            ephemeral-storage: 256Mi # kpt-set: ${request-ephemeral-storage}
-            memory: 256Mi # kpt-set: ${request-memory}
-        volumeMounts:
-        - name: cert
-          readOnly: true
-          mountPath: /certs # kpt-set: ${cert-dir}
-        livenessProbe:
-          httpGet:
-            port: healthz
-            path: /healthz
-        readinessProbe:
-          httpGet:
-            port: healthz
-            path: /readyz
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - all
-          readOnlyRootFilesystem: true
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
+        - name: manager
+          image: ghcr.io/google/k8s-digester:v0.1.6@sha256:5a8e9b25b7464b550c959937c412b1451004ff8d426b23ea5e8f31a5cc497a4d # kpt-set: ${image}
+          args:
+            - webhook
+            - --cert-dir=/certs # kpt-set: --cert-dir=${cert-dir}
+            - --disable-cert-rotation=false # kpt-set: --disable-cert-rotation=${disable-cert-rotation}
+            - --dry-run=false # kpt-set: --dry-run=${dry-run}
+            - --health-addr=:9090 # kpt-set: --health-addr=:${health-port}
+            - --metrics-addr=:8888 # kpt-set: --metrics-addr=:${metrics-port}
+            - --offline=false # kpt-set: --offline=${offline}
+            - --port=8443 # kpt-set: --port=${port}
+          ports:
+            - name: webhook-server
+              protocol: TCP
+              containerPort: 8443 # kpt-set: ${port}
+            - name: metrics
+              protocol: TCP
+              containerPort: 8888 # kpt-set: ${metrics-port}
+            - name: healthz
+              protocol: TCP
+              containerPort: 9090 # kpt-set: ${health-port}
+          env:
+            - name: DEBUG
+              value: 'false' # kpt-set: ${debug}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          resources:
+            requests:
+              cpu: 100m # kpt-set: ${request-cpu}
+              ephemeral-storage: 256Mi # kpt-set: ${request-ephemeral-storage}
+              memory: 256Mi # kpt-set: ${request-memory}
+          volumeMounts:
+            - name: cert
+              readOnly: true
+              mountPath: /certs # kpt-set: ${cert-dir}
+          livenessProbe:
+            httpGet:
+              port: healthz
+              path: /healthz
+          readinessProbe:
+            httpGet:
+              port: healthz
+              path: /readyz
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - all
+            readOnlyRootFilesystem: true
+            runAsGroup: 65532
+            runAsNonRoot: true
+            runAsUser: 65532
       volumes:
-      - name: cert
-        secret:
-          defaultMode: 420
-          secretName: digester-webhook-server-cert
+        - name: cert
+          secret:
+            defaultMode: 420
+            secretName: digester-webhook-server-cert