Image-bouncer-webhook DNS /etc/hosts

Under “supply chain security” → LABS – WHITELIST ALLOWED registry

One of the solution step explains that /etc/hosts has entry of 127.0.0.1 for “image-bouncer-webhook” on the control plane. However, from my understanding, there is already a k8s Service for “image-bouncer-webhook” from image-policy-webhook.yaml.

Can the admission controller use SVC ip to reach the web-hook server? asking another way is if I delete the “127.0.0.1 image-bouncer-webhook” from /etc/hosts file, will this still work?

Thank you

Hi @ruanxuyi

Where are you seeing this about the hosts file? Link please if possible.