Support dynamic templating in qtodo app (#87)

Signed-off-by: Andrew Block <andy.block@gmail.com>

Author: sabre1041

charts/qtodo/templates/_helpers.tpl

@@ -0,0 +1,10 @@
+{{/*
+Create the image path for the passed in image field
+*/}}
+{{- define "qtodo.image" -}}
+{{- if eq (substr 0 7 .version) "sha256:" -}}
+{{- printf "%s@%s" (tpl .name .) (tpl .version .) -}}
+{{- else -}}
+{{- printf "%s:%s" (tpl .name .) (tpl .version .) -}}
+{{- end -}}
+{{- end -}}

charts/qtodo/templates/app-deployment.yaml

@@ -29,7 +29,7 @@ spec:
 {{- if eq .Values.app.spire.enabled true }}
       initContainers:
       - name: init-spiffe-helper
-        image: {{ .Values.app.images.spiffeHelper.name }}:{{ .Values.app.images.spiffeHelper.tag }}
+        image: {{ template "qtodo.image" .Values.app.images.spiffeHelper }}
         imagePullPolicy: {{ .Values.app.images.spiffeHelper.pullPolicy }}
         args:
           - '-config'
@@ -46,7 +46,7 @@ spec:
           - name: svids
             mountPath: /svids
       - name: init-spiffe-vault-client
-        image: {{ .Values.app.images.spiffeVaultClient.name }}:{{ .Values.app.images.spiffeVaultClient.tag }}
+        image: {{ template "qtodo.image" .Values.app.images.spiffeVaultClient }}
         imagePullPolicy: {{ .Values.app.images.spiffeVaultClient.pullPolicy }}
         command:
           - python3
@@ -76,7 +76,7 @@ spec:
       containers:
 {{- if and .Values.app.spire.enabled .Values.app.spire.sidecars }}
       - name: spiffe-helper
-        image: {{ .Values.app.images.spiffeHelper.name }}:{{ .Values.app.images.spiffeHelper.tag }}
+        image: {{ template "qtodo.image" .Values.app.images.spiffeHelper }}
         imagePullPolicy: {{ .Values.app.images.spiffeHelper.pullPolicy }}
         args:
           - '-config'
@@ -93,7 +93,7 @@ spec:
           - name: svids
             mountPath: /svids
       - name: spiffe-vault-client
-        image: {{ .Values.app.images.spiffeVaultClient.name }}:{{ .Values.app.images.spiffeVaultClient.tag }}
+        image: {{ template "qtodo.image" .Values.app.images.spiffeVaultClient }}
         imagePullPolicy: {{ .Values.app.images.spiffeVaultClient.pullPolicy }}
         command:
         - python3
@@ -124,7 +124,7 @@ spec:
           readOnly: true
 {{- end }}
       - name: qtodo
-        image: {{ .Values.app.images.main.name }}:{{ .Values.app.images.main.tag }}
+        image: {{ template "qtodo.image" .Values.app.images.main }}
         imagePullPolicy: {{ .Values.app.images.main.pullPolicy }}
         ports:
         - containerPort: 8080

charts/qtodo/templates/postgresql-statefulset.yaml

@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
       - name: postgres
-        image: registry.redhat.io/rhel8/postgresql-16
+        image: {{ template "qtodo.image" .Values.app.images.postgresql }}
         imagePullPolicy: IfNotPresent
         env:
         - name: POSTGRESQL_DATABASE

charts/qtodo/values.yaml

@@ -11,7 +11,7 @@ app:
   images:
     main:
       name: quay.io/validatedpatterns/qtodo
-      tag: latest
+      version: latest
       # Modified to Always to force a pull so we can test changes to the container image without requiring manual deletion of images or restarts of argo
       pullPolicy: Always
       registry:
@@ -23,11 +23,15 @@ app:
         passwordVaultKey: password
     spiffeHelper:
       name: ghcr.io/spiffe/spiffe-helper
-      tag: 0.10.1
+      version: 0.10.1
       pullPolicy: IfNotPresent
     spiffeVaultClient:
       name: registry.redhat.io/ubi9/python-311
-      tag: latest
+      version: latest
+      pullPolicy: IfNotPresent
+    postgresql:
+      name: registry.redhat.io/rhel8/postgresql-16
+      version: latest
       pullPolicy: IfNotPresent
 
   oidc:

values-hub.yaml

@@ -351,7 +351,9 @@ clusterGroup:
           value: secret/data/global/qtodo
         # For UC-02, we changed the qtodo image to use the one built in the secure supply chain
         # - name: app.images.main.name
-        #   value: quay-registry-quay-quay-enterprise.apps.hub.example.com/org/qtodo
+        #   value: quay-registry-quay-quay-enterprise.apps.{{ $.Values.global.clusterDomain }}/ztvp/qtodo
+        # - name: app.images.main.version
+        #   value: latest
         # Uncomment to enable registry authentication
         # - name: app.images.main.registry.auth
         #   value: true