Under “supply chain security” → LABS – WHITELIST ALLOWED registry
One of the solution step explains that /etc/hosts has entry of 127.0.0.1 for “image-bouncer-webhook” on the control plane. However, from my understanding, there is already a k8s Service for “image-bouncer-webhook” from image-policy-webhook.yaml.
Can the admission controller use SVC ip to reach the web-hook server? asking another way is if I delete the “127.0.0.1 image-bouncer-webhook” from /etc/hosts file, will this still work?