From a822163d59fddf25a60a9e667b51dca34a56ab55 Mon Sep 17 00:00:00 2001
From: Shane Wu <wushiyuan90@gmail.com>
Date: Wed, 13 Nov 2024 09:33:53 -0500
Subject: [PATCH] Allow Helm Chart deploy image from digest

GKE Binary Authorization only supports image pull by digest - [Ref](https://cloud.google.com/binary-authorization/docs/deploying-containers#deploy_the_container_image)
* if `.values.reloader.deployment.image.digest` is defined, pull image from digest
* otherwise pull image from tag
---
 .../kubernetes/chart/reloader/templates/deployment.yaml   | 8 ++++++--
 deployments/kubernetes/chart/reloader/values.yaml         | 1 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/deployments/kubernetes/chart/reloader/templates/deployment.yaml b/deployments/kubernetes/chart/reloader/templates/deployment.yaml
index 188c85832..edf2c22bb 100644
--- a/deployments/kubernetes/chart/reloader/templates/deployment.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/deployment.yaml
@@ -75,9 +75,13 @@ spec:
       containers:
       {{- if $.Values.global.imageRegistry }}
       - image: "{{ $.Values.global.imageRegistry }}/{{ .Values.reloader.deployment.image.base }}:{{ .Values.reloader.deployment.image.tag }}"
-{{- else }}
+      {{- else }}
+      {{- if .Values.reloader.deployment.image.digest }}
+      - image: "{{ .Values.reloader.deployment.image.name }}@{{ .Values.reloader.deployment.image.digest }}"
+      {{- else }}
       - image: "{{ .Values.reloader.deployment.image.name }}:{{ .Values.reloader.deployment.image.tag }}"
-{{- end }}
+      {{- end }}
+      {{- end }}
         imagePullPolicy: {{ .Values.reloader.deployment.image.pullPolicy }}
         name: {{ template "reloader-fullname" . }}
         env:
diff --git a/deployments/kubernetes/chart/reloader/values.yaml b/deployments/kubernetes/chart/reloader/values.yaml
index bdc121c51..ae9bc7bd3 100644
--- a/deployments/kubernetes/chart/reloader/values.yaml
+++ b/deployments/kubernetes/chart/reloader/values.yaml
@@ -99,6 +99,7 @@ reloader:
       name: ghcr.io/stakater/reloader
       base: stakater/reloader
       tag: v1.0.121
+      # digest: sha256:1234567
       pullPolicy: IfNotPresent
     # Support for extra environment variables.
     env: