Current ImageSwap Webhook code is tested against K8s v1.24, v1.25, v1.26, and v1.27. While ImageSwap may work with other versions of K8s, functionality isn't guarunteed.
Deprecated APIs in v1.22 Because the end of support for some beta APIs the code received some important updates. Now you need to specify a signer for your Certificate Signing Request. You can take a look on the official documentation about API changes Reference API deprecation.
K8s prior to v1.19 ImageSwap v1.5.0+ drops support for k8s versions below v1.19 and will no longer work due to the
admissionregistration.k8s.io/v1beta1api deprecation. For deployment on K8s version v1.19 and before, please use ImageSwap v1.4.x.
EKS 1.22 To use ImageSwap you'll need to setup an Amazon exclusive signer
beta.eks.amazonaws.com/app-serving. Look atclient.V1CertificateSigningRequestSpec()onapp/imageswap-init/imageswap-init.py.
k8s_csr_spec = client.V1CertificateSigningRequestSpec(
groups=["system:authenticated"],
usages=["digital signature", "key encipherment", "server auth"],
request=base64.b64encode(csr_pem).decode("utf-8").rstrip(),
signer_name="beta.eks.amazonaws.com/app-serving"
)
MAPS LOGIC: There is a new MAPS mode logic that has been added to allow for more flexibility in the image swapping logic. The existing logic, referred to as
LEGACYmode, is still available, but has been deprecated. To continue using theLEGACYmode logic set theIMAGESWAP_MODEenvironment variable accordingly. Please reference the configuration section for more information.
Image Definition Preservation: Updates have been made to how image definitions are processed during a swap. Previously the swap logic would drop the image org/project before adding the prefix (ie.
nginx/nginx-ingress:latestwould drop thenginx/portion of the image definition). In v1.4.0+ the swap logic will preserve all parts of the image except the Registry (ie.docker.io/nginx/nginx-ingresswill drop thedocker.ioonly from the image definition).