Add registry prefix to all images with kustomize image transformer

A common requirement when deploying Kubernetes manifests to a cluster is to prefix the container names with a trusted registry prefix that mirrors the allowed images. Usually used along with an admission controller.

Is there a sensible way to do this using Kustomize without having to list every single image by name in the kustomization.yaml images: transformer stanza?

Given this kustomization.yaml:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - "https://github.com/prometheus-operator/kube-prometheus"

if I want to prefix all the images it references with mytrusted.registry/ I need to append this to my kustomization.yaml:

images:
- name: grafana/grafana
  newName: mytrusted.registry/grafana/grafana
- name: jimmidyson/configmap-reload
  newName: mytrusted.registry/jimmidyson/configmap-reload
- name: k8s.gcr.io/kube-state-metrics/kube-state-metrics
  newName: mytrusted.registry/k8s.gcr.io/kube-state-metrics/kube-state-metrics
- name: k8s.gcr.io/prometheus-adapter/prometheus-adapter
  newName: mytrusted.registry/k8s.gcr.io/prometheus-adapter/prometheus-adapter
- name: quay.io/brancz/kube-rbac-proxy
  newName: mytrusted.registry/quay.io/brancz/kube-rbac-proxy
- name: quay.io/prometheus/alertmanager
  newName: mytrusted.registry/quay.io/prometheus/alertmanager
- name: quay.io/prometheus/blackbox-exporter
  newName: mytrusted.registry/quay.io/prometheus/blackbox-exporter
- name: quay.io/prometheus/node-exporter
  newName: mytrusted.registry/quay.io/prometheus/node-exporter
- name: quay.io/prometheus-operator/prometheus-operator
  newName: mytrusted.registry/quay.io/prometheus-operator/prometheus-operator
- name: quay.io/prometheus/prometheus
  newName: mytrusted.registry/quay.io/prometheus/prometheus

which I generated with this putrid, fragile monstrosity (which WILL break if your containers are specified by hash, or you have a port in your registry prefix):

kustomize build | \
  grep 'image:' | \
  awk '$2 != "" { print $2}' | \
  sort -u | \
  cut -d : -f 1 | \
  jq --raw-input '{ name: ., newName: ("mytrusted.registry/" + .) }' | \
  faq -s -fjson -oyaml '{ images: .}' 

(Note that the above will also NOT WORK completely, because Kustomize doesn't recognise images outside PodTemplates, such as those in the kind: Alertmanager spec.image or the kind: Prometheus spec.image; it'd still be better than the current situation).

What I want instead is to be able to express this in the image transformer without generating and maintaining lists of images, with something like this imaginary example (which does not work):

images:
  - name: "(*)"
    newName: "mytrusted.registry/$1"

i.e. use a capture group. Or something functionally similar, like an image transformer "prependName" option or similar.

This must be such a common problem to have, but I can't for the life of me find a well established way this is done by convention in the k8s world. Just lots of DIY fragile hacks.
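As an added example (not part of the original question), here is a POSIX sh generator for the same images: stanza that handles the two cases the pipeline above breaks on: image references pinned by digest and a registry prefix that carries a port. The sample manifest, the registry name and the digest value are constructed placeholders; in real use you would pipe `kustomize build` output into `images_stanza`.

```shell
#!/bin/sh
# Added example, not the original poster's code: generate a kustomize images:
# stanza from rendered manifests, surviving digests and registry ports.

# image_name REF: print the repository part of REF, without tag or digest.
image_name() {
  ref=${1%%@*}               # drop any "@sha256:..." digest suffix
  last=${ref##*/}            # the component after the last '/'
  case $last in
    *:*) ref=${ref%:*} ;;    # a ':' in the last component is a tag, not a registry port
  esac
  printf '%s\n' "$ref"
}

# images_stanza PREFIX: read rendered manifests on stdin and print an images:
# stanza that rewrites every image: value found to PREFIX<name>.
images_stanza() {
  prefix=$1
  printf 'images:\n'
  awk '{ for (i = 1; i < NF; i++) if ($i == "image:") print $(i+1) }' \
    | tr -d '"'"'" \
    | while read -r ref; do image_name "$ref"; done \
    | sort -u \
    | while read -r name; do
        printf '%s\n  newName: %s%s\n' "- name: $name" "$prefix" "$name"
      done
}

# Constructed sample of what kustomize build might render (digest is a placeholder).
SAMPLE='apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: app
        image: registry.example:5000/team/app:1.2.3
      - name: proxy
        image: "quay.io/brancz/kube-rbac-proxy@sha256:0123abcd"
      - image: grafana/grafana:9.0
        name: grafana'

# Run the generator over the constructed sample with a constructed prefix.
render_sample() {
  printf '%s\n' "$SAMPLE" | images_stanza "mytrusted.registry/"
}

render_sample
```

This only generates the list; it does nothing about the spec.image fields on Alertmanager and Prometheus objects mentioned above, which the images transformer still leaves untouched.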
Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow