kyverno-policy.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: kubernetes-gcr-to-registry    
spec:
  background: false
  rules:
    - name: replace-image-registry-pod-containers
      match:
        any:
        - resources:
            kinds:
            - Pod
      mutate:
        foreach:
        - list: "request.object.spec.containers"
          patchStrategicMerge:
            spec:
              containers:
              - name: "{{ element.name }}"
                image: "{{ replace_all('{{element.image}}', 'k8s.gcr.io', 'registry.k8s.io' )}}"
    - name: replace-image-registry-pod-initcontainers
      match:
        any:
        - resources:
            kinds:
            - Pod
      preconditions:
        all:
        - key: "{{ request.object.spec.initContainers[] || `[]` | length(@) }}"
          operator: GreaterThanOrEquals
          value: 1
      mutate:
        foreach:
        - list: "request.object.spec.initContainers"
          patchStrategicMerge:
            spec:
              initContainers:
              - name: "{{ element.name }}"
                image: "{{ replace_all('{{element.image}}', 'k8s.gcr.io', 'registry.k8s.io' )}}"