initial attempt at adding kyverno to mutate gcr to eks

infra/aws/terraform/prow-build-cluster/resources/kyverno/README.md

@@ -0,0 +1,8 @@
+Please run this command to upgrade Kyverno:
+
+```
+helm template kyverno \
+    kyverno/kyverno \
+    -f=values \
+    -n=kyverno > kyverno.yaml
+```

infra/aws/terraform/prow-build-cluster/resources/kyverno/clusterpolicy.yaml

@@ -0,0 +1,73 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: k8s-prow-gcr-to-ecr-registry    
+spec:
+  background: false
+  rules:
+    - name: replace-image-registry-gcr-k8s-prow-to-ecr-pod-containers
+      match:
+        any:
+        - resources:
+            kinds:
+            - Pod
+      mutate:
+        foreach:
+        - list: "request.object.spec.containers"
+          patchStrategicMerge:
+            spec:
+              containers:
+              - name: "{{ element.name }}"
+                image: "{{ replace_all('{{element.image}}', 'gcr.io/k8s-prow/', '468814281478.dkr.ecr.us-east-2.amazonaws.com/k8s-prow/' )}}"
+    - name: replace-image-registry-gcr-k8s-prow-to-ecr-pod-initcontainers
+      match:
+        any:
+        - resources:
+            kinds:
+            - Pod
+      preconditions:
+        all:
+        - key: "{{ request.object.spec.initContainers[] || `[]` | length(@) }}"
+          operator: GreaterThanOrEquals
+          value: 1
+      mutate:
+        foreach:
+        - list: "request.object.spec.initContainers"
+          patchStrategicMerge:
+            spec:
+              initContainers:
+              - name: "{{ element.name }}"
+                image: "{{ replace_all('{{element.image}}', 'gcr.io/k8s-prow/', '468814281478.dkr.ecr.us-east-2.amazonaws.com/k8s-prow/' )}}"
+    - name: replace-image-registry-gcr-k8s-staging-to-ecr-pod-containers
+      match:
+        any:
+        - resources:
+            kinds:
+            - Pod
+      mutate:
+        foreach:
+        - list: "request.object.spec.containers"
+          patchStrategicMerge:
+            spec:
+              containers:
+              - name: "{{ element.name }}"
+                image: "{{ replace_all('{{element.image}}', 'gcr.io/k8s-staging-', '468814281478.dkr.ecr.us-east-2.amazonaws.com/k8s-staging-' )}}"
+    - name: replace-image-registry-gcr-k8s-staging-to-ecr-pod-initcontainers
+      match:
+        any:
+        - resources:
+            kinds:
+            - Pod
+      preconditions:
+        all:
+        - key: "{{ request.object.spec.initContainers[] || `[]` | length(@) }}"
+          operator: GreaterThanOrEquals
+          value: 1
+      mutate:
+        foreach:
+        - list: "request.object.spec.initContainers"
+          patchStrategicMerge:
+            spec:
+              initContainers:
+              - name: "{{ element.name }}"
+                image: "{{ replace_all('{{element.image}}', 'gcr.io/k8s-staging-', '468814281478.dkr.ecr.us-east-2.amazonaws.com/k8s-staging-' )}}"

infra/aws/terraform/prow-build-cluster/resources/namespaces.yaml

@@ -8,3 +8,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: external-secrets
+---
+kind: Namespace
+metadata:
+  name: kyverno