Using registry.k8s.io instead of k8s.gcr.io

RELEASE.md

@@ -28,9 +28,9 @@ The Kubernetes Windows GMSA project is released on an as-needed basis. The proce
         ```bash
         K8S_GMSA_DEPLOY_DOWNLOAD_REV='$VERSION' \
             ./deploy-gmsa-webhook.sh --file ./gmsa-manifests \
-            --image k8s.gcr.io/gmsa-webhook/k8s-gmsa-webhook:$VERSION
+            --image registry.k8s.io/gmsa-webhook/k8s-gmsa-webhook:$VERSION
         ```
-        
+
     1. Clicking on `Publish Release`
 1. The release issue is closed
 1. An announcement email is sent to `[email protected]` with the subject `[ANNOUNCE] Kubernetes SIG-Windows GMSA Webhook $VERSION is Released`

admission-webhook/deploy/deploy-gmsa-webhook.sh

@@ -74,7 +74,7 @@ write_manifests_file() {
         ENVS=`env | grep -E 'NAME|NAMESPACE|TLS|RBAC|TOLERATIONS|IMAGE|CA' | sed -n '/^[^\t]/s/=.*//p' | sed '/^$/d' | sed 's/^/-e /g' | tr '\n' ' '`
 
         # envsubst is installed in the nginx images which we already maintain
-        docker run --rm -v "$TEMPLATE_PATH:$TEMPLATE_PATH" $ENVS k8s.gcr.io/e2e-test-images/nginx:1.15-1 sh -c "cat $TEMPLATE_PATH | envsubst" > $MANIFESTS_FILE
+        docker run --rm -v "$TEMPLATE_PATH:$TEMPLATE_PATH" $ENVS registry.k8s.io/e2e-test-images/nginx:1.15-1 sh -c "cat $TEMPLATE_PATH | envsubst" > $MANIFESTS_FILE
     else
         fatal_error "Unable to run envsubst"
     fi

admission-webhook/integration_tests/templates/several-containers-with-gmsa.yml

@@ -22,14 +22,14 @@ spec:
         windowsOptions:
           gmsaCredentialSpecName: {{ index .CredSpecNames 1 }}
       containers:
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx0
         securityContext:
           windowsOptions:
             gmsaCredentialSpecName: {{ index .CredSpecNames 0 }}
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx1
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx2
         securityContext:
           windowsOptions:

admission-webhook/integration_tests/templates/simple-with-container-level-gmsa.yml

@@ -19,7 +19,7 @@ spec:
     spec:
       serviceAccountName: {{ .ServiceAccountName }}
       containers:
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx
         securityContext:
           windowsOptions:

admission-webhook/integration_tests/templates/simple-with-gmsa.yml

@@ -22,7 +22,7 @@ spec:
         windowsOptions:
           gmsaCredentialSpecName: {{ index .CredSpecNames 0 }}
       containers:
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx
 {{- range $line := .ExtraSpecLines }}
       {{ $line }}

admission-webhook/integration_tests/templates/simple-with-pre-set-matching-contents.yml

@@ -23,7 +23,7 @@ spec:
           gmsaCredentialSpecName: {{ index .CredSpecNames 0 }}
           gmsaCredentialSpec: '{"CmsPlugins":["ActiveDirectory"],  "ActiveDirectoryConfig":{"GroupManagedServiceAccounts":[{"Name":"WebApplication0","Scope":"CONTOSO"},{"Name":"WebApplication0","Scope":"contoso.com"}]},"DomainJoinConfig":{"Sid":"S-1-5-21-2126729477-2524075714-3094792973",  "DnsName":"contoso.com","DnsTreeName":"contoso.com","Guid":"244818ae-87ca-4fcd-92ec-e79e5252348a","MachineAccountName":"WebApplication0","NetBiosName":"CONTOSO"}}'
       containers:
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx
 {{- range $line := .ExtraSpecLines }}
       {{ $line }}

admission-webhook/integration_tests/templates/simple-with-pre-set-unmatching-contents.yml

@@ -24,7 +24,7 @@ spec:
           gmsaCredentialSpecName: {{ index .CredSpecNames 0 }}
           gmsaCredentialSpec: '{"ActiveDirectoryConfig":{"GroupManagedServiceAccounts":[{"Name":"WebApplication1","Scope":"CONTOSO"},{"Name":"WebApplication1","Scope":"contoso.com"}]},"CmsPlugins":["ActiveDirectory"],"DomainJoinConfig":{"DnsName":"contoso.com","DnsTreeName":"contoso.com","Guid":"244818ae-87ca-4fcd-92ec-e79e5252348a","MachineAccountName":"WebApplication1","NetBiosName":"CONTOSO","Sid":"S-1-5-21-2126729477-2524175714-3194792973"}}'
       containers:
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx
 {{- range $line := .ExtraSpecLines }}
       {{ $line }}

admission-webhook/integration_tests/templates/simple-with-preset-gmsa-container-level-contents.yml

@@ -19,7 +19,7 @@ spec:
     spec:
       serviceAccountName: {{ .ServiceAccountName }}
       containers:
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx
         securityContext:
           windowsOptions:

admission-webhook/integration_tests/templates/simple-with-preset-gmsa-pod-level-contents.yml

@@ -22,7 +22,7 @@ spec:
         windowsOptions:
           gmsaCredentialSpec: '{"ActiveDirectoryConfig":{"GroupManagedServiceAccounts":[{"Name":"WebApplication0","Scope":"CONTOSO"},{"Name":"WebApplication0","Scope":"contoso.com"}]},"CmsPlugins":["ActiveDirectory"],"DomainJoinConfig":{"DnsName":"contoso.com","DnsTreeName":"contoso.com","Guid":"244818ae-87ca-4fcd-92ec-e79e5252348a","MachineAccountName":"WebApplication0","NetBiosName":"CONTOSO","Sid":"S-1-5-21-2126729477-2524075714-3094792973"}}'
       containers:
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx
 {{- range $line := .ExtraSpecLines }}
       {{ $line }}

admission-webhook/integration_tests/templates/simple-with-unknown-gmsa.yml

@@ -22,7 +22,7 @@ spec:
         windowsOptions:
           gmsaCredentialSpecName: i-sure-dont-exist
       containers:
-      - image: k8s.gcr.io/pause
+      - image: registry.k8s.io/pause
         name: nginx
 {{- range $line := .ExtraSpecLines }}
       {{ $line }}

admission-webhook/integration_tests/templates/single-pod-with-container-level-gmsa.yml

@@ -11,7 +11,7 @@ spec:
   serviceAccountName: {{ .ServiceAccountName }}
   containers:
   - name: {{ .TestName }}
-    image: k8s.gcr.io/pause
+    image: registry.k8s.io/pause
     securityContext:
       windowsOptions:
         gmsaCredentialSpecName: {{ index .CredSpecNames 0 }}

admission-webhook/integration_tests/templates/single-pod-with-gmsa.yml

@@ -20,7 +20,7 @@ spec:
 {{- if .Image }}
     image: {{ .Image }}
 {{- else }}
-    image: k8s.gcr.io/pause
+    image: registry.k8s.io/pause
 {{- end }}
   dnsPolicy: ClusterFirst
   restartPolicy: Never

charts/README.md

@@ -1,23 +1,26 @@
 # Install Windows GMSA with Helm 3
 
 ## Prerequisites
+
 - [install Helm](https://helm.sh/docs/intro/quickstart/#install-helm)
 
 ### Tips
 
-
 ### install a specific version
+
 ```console
 helm repo add windows-gmsa https://raw.githubusercontent.com/kubernetes-sigs/windows-gmsa/master/charts/repo
 helm install windows-gmsa/gmsa --namespace kube-system --version v0.4.2
 ```
 
 ### search for all available chart versions
+
 ```console
 helm search repo -l gmsa
 ```
 
 ## uninstall Windows GMSA
+
 ```console
 helm uninstall gmsa -n kube-system
 ```
@@ -32,19 +35,20 @@ The following table lists the configurable parameters of the latest GMSA chart a
 | `certificates.certManager.version`                    | version of cert manager                                           |                                                       |
 | `certificates.caBundle`                               | cert-manager disabled, add self-signed ca.crt in base64 format    |                                                       |
 | `certificates.secretName`                             | cert-manager disabled, upload certs data as k8s secretName        | `gmsa-server-cert`                                    |
-| `credential.enabled `                                 | enable creation of GMSA Credential                                | `true`                                                |
+| `credential.enabled`                                  | enable creation of GMSA Credential                                | `true`                                                |
 | `credential.domainJoinConfig.dnsName`                 | DNS Domain Name                                                   |                                                       |
 | `credential.domainJoinConfig.dnsTreeName`             | DNS Domain Name Root                                              |                                                       |
 | `credential.domainJoinConfig.guid`                    | GUID                                                              |                                                       |
 | `credential.domainJoinConfig.machineAccountName`      | username of the GMSA account                                      |                                                       |
 | `credential.domainJoinConfig.netBiosName`             | NETBIOS Domain Name                                               |                                                       |
 | `credential.domainJoinConfig.sid`                     | SID                                                               |                                                       |
-| `image.repository`                                    | image repository                                                  | `k8s.gcr.io/gmsa-webhook/k8s-gmsa-webhook`                    |
+| `image.repository`                                    | image repository                                                  | `registry.k8s.io/gmsa-webhook/k8s-gmsa-webhook`       |
 | `image.tag`                                           | image tag                                                         | `v0.4.0`                                              |
 | `image.imagePullPolicy`                               | image pull policy                                                 | `IfNotPresent`                                        |
-| `global.systemDefaultRegistry `                       | container registry                                                |                                                       |
+| `global.systemDefaultRegistry`                        | container registry                                                |                                                       |
 | `tolerations`                                         | tolerations                                                       | []                                                    |
 
 ## troubleshooting
+
 - Add `--wait -v=5 --debug` in `helm install` command to get detailed error
 - Use `kubectl describe` to acquire more info

charts/gmsa/Chart.yaml

@@ -10,4 +10,4 @@ name: gmsa
 sources:
 - https://github.com/kubernetes-sigs/windows-gmsa
 type: application
-version: 0.4.2
+version: 0.4.3

charts/gmsa/values.yaml

@@ -21,7 +21,7 @@ credential:
 containerPort: "443"
 
 image:
-  repository: k8s.gcr.io/gmsa-webhook/k8s-gmsa-webhook
+  repository: registry.k8s.io/gmsa-webhook/k8s-gmsa-webhook
   tag: v0.4.0
   imagePullPolicy: IfNotPresent