github enix/kube-image-keeper v2.0.0
on GitHub

12 hours ago

2.0.0 (2026-01-28)

Bug Fixes

  • add missing build information (ddeab5a)
  • allow auto creation of registry monitors for registries with a port (b2bd000)
  • alternatives list building (5f64279)
  • chart: default repositories in values is quay.io (b35e396)
  • config: set default routing check timeout to 2s in the code (8782900)
  • consider ratelimit-remaining header from docker hub while checking image availablity (e6d4ca2)
  • controller: CISM and ISM should exclude their own mirrors to avoid mirror loops (478fce2)
  • controller: ignore digest-based images (fc2f07d)
  • controller: prevent reconciliation loop (34a5c32)
  • controllers: add new mirrors from (Cluster)ImageSetMirror spec to its status (31b3eab)
  • controllers: don't log about filtering when there is 0 image to filter (a6aa7dc)
  • controller: set mirroring exponential backoff baseDelay to 1s (80aa6cc)
  • copy credentialprovider from k8s repo and upgrade dependencies (715690f)
  • create RegistryMonitors for alternative routing/mirroring registries too (3bb7ffb)
  • deduplicate filtered out images in mirror loop protection logs (2817eda)
  • delete images by digests (8709b93)
  • don't check for image availability if there is no alternative configured (347277b)
  • don't create the same RegistryMonitor twice (51dff02)
  • don't log "successfully mirrored image" on mirroring failure (3d22a6c)
  • don't mutate twice the same container nor mutate a pod on update (8327d81)
  • don't use generatedNames in RegistryMonitors as it still can produce duplicates specs (9a2fffa)
  • expires images from (Cluster)ImageSetMirrors status that doesn't match anymore (569d2c2)
  • GetKeychains always returns at least 1 keychain (74f6e05)
  • helm: add missing Age printcolumn in RegistryMonitor (091a596)
  • helm: add missing permissions for (Cluster)ReplicatedImageSets (9b64272)
  • helm: allow manager to get, list and watch secrets (6953d32)
  • helm: always create MutatingWebhookConfiguration (2378f11)
  • helm: better default values for registry monitors and metrics (870852a)
  • helm: lower default throttling values for RegistryMonitors and add registry.k8s.io and public.ecr.aws (36e5ece)
  • helm: rbac (b575666)
  • helm: remove metrics (5359cb9)
  • helm: set default unusedImageTTL to 24 hours (0185ae1)
  • helm: values (278ef70)
  • imageFilter include .* by default only when at least one exclude pattern is defined (d87364a)
  • improve logs and rename badly named images (d5e4458)
  • improve monitoring logs (monitoring failed is not an error but an info) (aa34ec5)
  • include registry while matching images against (Cluster)ReplicatedImageSets filters (c701d7e)
  • linter errors (fb45e08)
  • metrics: init registry_monitor_tasks_total and registry_monitor_images to 0 for all registries and status (bb84c24)
  • metrics: label registry_monitor_registries metrics with registry spec, not name as they may be hashed values (bb87f05)
  • metrics: remove registry_monitor_registries metrics as it not used anymore (1794769)
  • panic in pod webhook when an alternative image doesn't have a secret associated (58f8d4d)
  • panics in registry requests when no timeout has been configured (faf07f9)
  • platform amd64 is not recognized (should be linux/amd64) (50aa6e7)
  • prevent ignoring throttling when maxPerInterval > len(images) (3ddee0b)
  • prevent mirror loops (8ae21ea)
  • prevent reconciliation loop when health checking a registry (efb8068)
  • QuotaExceeded are no longer reported as Unreachable (f0178f9)
  • rbac: allow to update CRIS (490868f)
  • recreate ImageMonitors on deletion when the required Image and RegistryMonitor exist (76b5e6b)
  • remove references to already removed field RegistryMonitor.status.registryStatus (c42d2f3)
  • remove RegistryMonitor CRD (0349822)
  • requeue (Cluster)ImageSetMirrors after expiration duration (0f9e026)
  • set a default value for registymonitor.interval (10m) (a100b7f)
  • set status Available instead of MissingSecret for images without pods that don't need authentication (b29cc2d)
  • skip deletion of images not mirrored yet (6153b5b)
  • skip monitoring images with no pods to prevent the random picker to crash (64f962e)
  • timeout registry requests per keychain (bffcaf2)
  • typo in role for ReplicatedImageSet ressources (034f518)
  • use HEAD instead of GET when monitoring an image in to by-pass docker hub quotas (23c2253)
  • use http GET instead of HEAD as ghcr.io doesn't support HEAD /v2/ (58c6020)
  • use one monitor pool per registry (31b91f2)
  • use pool.Submit instead of pool.Go in order to prevent silent panics (01c7696)
  • watch Pods to reconcile (Cluster)ImageSetMirrors (3daa053)
  • webhook: authenticate active monitoring requests (d4d45e4)
  • webhook: ignore digest-based images (0aef45c)
  • webhook: ignore invalid images (79c7010)
  • webhook: match prefix on normalized image (efca35c)
  • webhook: resolve race condition in alternatives check result ordering (c7c4160)

chore

Features

  • add a status "Unreachable" in image upstream status and record last error in the image status (8031cc0)
  • add image upstream status (4d6a633)
  • add LastError field in image mirroring status (b08691f)
  • add QuotaExceeded image status (394a92f)
  • add registryMonitor.status.registryStatus to keep track of registries health (531df0f)
  • add Scheduled and UnavailableSecret Image monitoring status (db5f70b)
  • add timeout to monitoring tasks (active and passive) (70e8756)
  • basic image mirroring (no-auth, amd64 only) (75ced26)
  • basic image monitoring without authentication support (13362fd)
  • cleanup (Cluster)ImageSetMirror before deletion (8453b5f)
  • cleanup secrets on CISM/CRIS deletion (405a1de)
  • copy imagePullSecrets in pod's namespace when using cluster-scoped ISM and RIS (af21210)
  • create ImageMirrors for Images that match a strategy from the configuration (9a1dddc)
  • create images from nodes instead of pods and update their status (e574d53)
  • create Images from Pods (1a28e55)
  • create one ImageMonitor per matching registry based on routing strategies (c7a5392)
  • delete expired images (10f42f4)
  • delete unused images after a configurable amount of time (c6f6813)
  • helm chart (3506acf)
  • helm: add support for topologySpreadConstraints (de59664)
  • helm: allow to populate the config.yaml file (1c71b82)
  • helm: create default registry monitors on installs and upgrades (fd3c68a)
  • helm: don't leader elect if replicas < 2 (633bd17)
  • helm: merge registryMonitors.items default values with user supplied values and make it a dict instead of an array (1eb67c8)
  • imageMatcher becomes a list of include and exclude regexps (0b676ee)
  • inject rerouted image pull secret if not already present in the pod (bc45e1d)
  • load configuration from file (7625881)
  • make default http method per registry monitor configurable (HEAD/GET) (5a27928)
  • mark unused images and don't monitor them (e2ef3bb)
  • metrics: add detailed status in registry_monitor_tasks_total metric (a73527d)
  • metrics: add image_last_monitor_age_minutes histogram metric (a0f4e21)
  • metrics: add registry_monitor_images metric (6ccb41b)
  • metrics: add registry_monitor_registries metric (2b084f7)
  • metrics: add registry_monitor_tasks_total metric (b86afd8)
  • metrics: add unused label on images and tasks (e96989a)
  • metrics: setup prometheus exporter and export manager metrics (2de00fd)
  • mirror images according to ClusterImageSetMirrors (3a371ae)
  • mirror images according to ImageSetMirrors (3d1737f)
  • mirroring with auth (aa59c20)
  • optionnal active check when rerouting images (2415181)
  • recreate images when deleted while being used (575b1c1)
  • registry monitors auto-discovery (create registry monitors with default values for registries used in the cluster) (f62f32f)
  • reroute images based on (Cluster)ImageMirrorSets (d2553f7)
  • reroute images based on (Cluster)ReplicatedImageSets (bb1c312)
  • reroute images based on their availability (b35babd)
  • set unusedSince status in (Cluster)ImageSetMirrors when an image stopped to be used in the cluster (2586a9b)
  • use secrets configured in ReplicatedImageSet & ImageMirrorSets to check images availability (70e06f7)
  • use secrets from pod to authenticate image scans (aac91fb)
  • webhook: cache choosen alternatives as well as manifests availability (89031a8)
  • webhook: cache manifests HEAD results (ef7a5db)
  • webhook: run checks in parallel and lower timeout to 1s (937c011)

BREAKING CHANGES

  • rebooting the project!
Check out latest releases or
releases around enix/kube-image-keeper v2.0.0

Don't miss a new kube-image-keeper release

NewReleases is sending notifications on new releases.

Get notifications