diff --git a/manifests/README.md b/manifests/README.md
index 729e27d..f720237 100644
--- a/manifests/README.md
+++ b/manifests/README.md
@@ -34,7 +34,7 @@ If you use a private GKE cluster, see additional steps for
 2.  Apply this package:
 
     ```sh
-    VERSION=v0.1.16
+    VERSION=v0.1.17
     kustomize build "https://github.com/google/k8s-digester.git/manifests?ref=$VERSION" | kubectl apply -f -
     ```
 
@@ -52,7 +52,7 @@ If you use a private GKE cluster, see additional steps for
 3.  Fetch this package:
 
     ```sh
-    VERSION=v0.1.16
+    VERSION=v0.1.17
     kpt pkg get "https://github.com/google/k8s-digester.git/manifests@${VERSION}" manifests
     ```
 
diff --git a/manifests/mutating-webhook-configuration.yaml b/manifests/mutating-webhook-configuration.yaml
index b2e18c6..03c13c5 100644
--- a/manifests/mutating-webhook-configuration.yaml
+++ b/manifests/mutating-webhook-configuration.yaml
@@ -39,6 +39,7 @@ webhooks:
   rules:
   - resources:
     - pods
+    - pods/ephemeralcontainers
     - podtemplates
     - replicationcontrollers
     apiGroups:
diff --git a/pkg/resolve/resolve.go b/pkg/resolve/resolve.go
index b057bb7..2b82816 100644
--- a/pkg/resolve/resolve.go
+++ b/pkg/resolve/resolve.go
@@ -69,6 +69,7 @@ func ImageTags(ctx context.Context, log logr.Logger, config *rest.Config, n *yam
 		yaml.Lookup("spec"),
 		yaml.Tee(yaml.Lookup("containers"), imageTagFilter),
 		yaml.Tee(yaml.Lookup("initContainers"), imageTagFilter),
+		yaml.Tee(yaml.Lookup("ephemeralContainers"), imageTagFilter),
 		yaml.Lookup("template", "spec"),
 		yaml.Tee(yaml.Lookup("containers"), imageTagFilter),
 		yaml.Tee(yaml.Lookup("initContainers"), imageTagFilter),
diff --git a/pkg/resolve/resolve_stub_test.go b/pkg/resolve/resolve_stub_test.go
index 7a74a9d..569b9c4 100644
--- a/pkg/resolve/resolve_stub_test.go
+++ b/pkg/resolve/resolve_stub_test.go
@@ -20,7 +20,7 @@ import (
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 )
 
-func createPodNode(containerImages []string, initContainerImages []string) (*yaml.RNode, error) {
+func createPodNode(containerImages []string, initContainerImages []string, ephemeralContainerImages []string) (*yaml.RNode, error) {
 	node, err := yaml.FromMap(M{
 		"apiVersion": "v1",
 		"kind":       "Pod",
@@ -53,6 +53,17 @@ func createPodNode(containerImages []string, initContainerImages []string) (*yam
 			return nil, err
 		}
 	}
+	for index, image := range ephemeralContainerImages {
+		if err := node.PipeE(
+			yaml.LookupCreate(yaml.SequenceNode, "spec", "ephemeralContainers"),
+			yaml.Append(yaml.NewMapRNode(&map[string]string{
+				"name":  fmt.Sprintf("ephemeralcontainer%d", index),
+				"image": image,
+			}).YNode()),
+		); err != nil {
+			return nil, err
+		}
+	}
 	return node, nil
 }
 
diff --git a/pkg/resolve/resolve_test.go b/pkg/resolve/resolve_test.go
index d380bf5..1f22aee 100644
--- a/pkg/resolve/resolve_test.go
+++ b/pkg/resolve/resolve_test.go
@@ -96,7 +96,7 @@ func Test_ImageTagFilter_filterImage_Container(t *testing.T) {
 }
 
 func Test_ImageTags_Pod(t *testing.T) {
-	node, err := createPodNode([]string{"image0", "image1"}, []string{"image2", "image3"})
+	node, err := createPodNode([]string{"image0", "image1"}, []string{"image2", "image3"}, []string{"image4", "image5"})
 	if err != nil {
 		t.Fatalf("could not create pod node: %v", err)
 	}
@@ -110,10 +110,12 @@ func Test_ImageTags_Pod(t *testing.T) {
 	assertContainer(t, node, "image1@sha256:cc292b92ce7f10f2e4f727ecdf4b12528127c51b6ddf6058e213674603190d06", "spec", "containers", "[name=container1]")
 	assertContainer(t, node, "image2@sha256:5bb21ac469b5e7df4e17899d4aae0adfb430f0f0b336a2242ef1a22d25bd2e53", "spec", "initContainers", "[name=initcontainer0]")
 	assertContainer(t, node, "image3@sha256:b0542da3f90bad69318e16ec7fcb6b13b089971886999e08bec91cea34891f0f", "spec", "initContainers", "[name=initcontainer1]")
+	assertContainer(t, node, "image4@sha256:9ca97c69ef7957a20eb9747ae40ae1d7c1326736b68fc75a74b25742c3f1fecd", "spec", "ephemeralContainers", "[name=ephemeralcontainer0]")
+	assertContainer(t, node, "image5@sha256:51077af79f2b143d082e17640704cec760301d4e266ec868147f0cef3e329a48", "spec", "ephemeralContainers", "[name=ephemeralcontainer1]")
 }
 
 func Test_ImageTags_Pod_Skip_Prefixes(t *testing.T) {
-	node, err := createPodNode([]string{"image0", "skip1.local/image1"}, []string{"image2", "skip2.local/image3"})
+	node, err := createPodNode([]string{"image0", "skip1.local/image1"}, []string{"image2", "skip2.local/image3"}, []string{})
 	if err != nil {
 		t.Fatalf("could not create pod node: %v", err)
 	}