The Invisible Rewrite: Modernizing the Kubernetes Image Promoter

Every container image you pull from registry.k8s.io got there through kpromo , the Kubernetes image promoter. It copies images from staging registries to production, signs them with cosign , replicates signatures across more than 20 regional mirrors, and generates SLSA provenance attestations. If this tool breaks, no Kubernetes release ships. Over the past few weeks, we rewrote its core from scratch, deleted 20% of the codebase, made it dramatically faster, and nobody noticed. That was the whole point. A bit of history The image promoter started in late 2018 as an internal Google project by Linus Arver . The goal was simple: replace the manual, Googler-gated process of copying container images into k8s.gcr.io with a community-owned, GitOps-based workflow. Push to a staging registry, open a PR with a YAML manifest, get it reviewed and merged, and automation handles the rest. KEP-1734 formalized this proposal. In early 2019, the code moved to kubernetes-sigs/k8s-container-image-promoter

The Invisible Rewrite: Modernizing the Kubernetes Image Promoter

Related Articles

Oxyde ORM - Django-like Pydantic-driven Async ORM

SEC eyes shift to twice-yearly earnings reports

The Dawn of Immersive Blogging: Monetizing Virtual Reality Experiences

The Middle and the Outliers

Avian Physics 0.6

Related Articles

News
Oxyde ORM - Django-like Pydantic-driven Async ORM
Lobsters • 2h ago

News
SEC eyes shift to twice-yearly earnings reports
TechCrunch • 3h ago

News
The Dawn of Immersive Blogging: Monetizing Virtual Reality Experiences
Medium Programming • 3h ago

News
The Middle and the Outliers
Medium Programming • 3h ago

News
Avian Physics 0.6
Lobsters • 4h ago