
feat: support tag@digest format #883

Open
mydoomfr wants to merge 1 commit into codecentric:master from mydoomfr:feat/keycloakx-tag-digest-format

@mydoomfr

This PR adds support for the tag@digest format in the image.tag field, enabling compatibility with dependency update tools like Renovate or Dependabot.

Motivation

Renovate and Dependabot can pin container images by digest while preserving the tag for readability. They use the format tag@digest (e.g., 26.5.3@sha256:abc123...). This provides both:

  • Version visibility: The tag remains human-readable
  • Immutability: The digest ensures the exact image is always pulled

The current chart fails with this format because image.tag is used in the app.kubernetes.io/version label:

app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | ... }}

The @ character is invalid in Kubernetes labels, causing deployment to fail:

Error from server (Invalid): metadata.labels: Invalid value: "26.5.2@sha256:abc123":
a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.',
and must start and end with an alphanumeric character

The chart already supports a separate image.digest field, but using tag + digest together is mutually exclusive.

Changes

Added a keycloak.imageVersion helper that extracts the version part (before @) for use in labels. This ensures:

  • Labels remain valid (no @ character)
  • The label reflects the actual image tag being deployed
  • Backward compatibility

mydoomfr requested a review from a team as a code owner February 11, 2026 20:30
Signed-off-by: Benjamin Pinchon <dev@mdfr.me>
mydoomfr force-pushed the feat/keycloakx-tag-digest-format branch from c7a8e5a to ca52f36 February 11, 2026 20:30
jenslehnhoff self-assigned this Feb 12, 2026
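
The split described in the PR, as an added Python sketch that is not part of the PR or the chart: it separates a `tag@digest` value into a label-safe version and a digest, applies the label rule quoted in the error message, and can reject values that are not pinned by digest. The function names, the `registry.example/keycloak` repository, the sha256-only digest check and the sample digest are assumptions made for the example.

```python
import re

# Label-value rule quoted in the API server error above; 63 is the
# Kubernetes length limit for a label value.
LABEL_VALUE = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9_.-]*[A-Za-z0-9])?)?")
# Assumption of this sketch: only sha256 digests are accepted.
SHA256_DIGEST = re.compile(r"sha256:[0-9a-f]{64}")


def is_valid_label_value(value):
    return len(value) <= 63 and LABEL_VALUE.fullmatch(value) is not None


def split_tag(image_tag):
    """Split 'tag' or 'tag@digest' into (tag, digest_or_None)."""
    tag, sep, digest = image_tag.partition("@")
    if not tag:
        raise ValueError(f"empty tag in {image_tag!r}")
    if sep and not SHA256_DIGEST.fullmatch(digest):
        raise ValueError(f"malformed digest in {image_tag!r}")
    return tag, (digest if sep else None)


def render(repository, image_tag, require_digest=False):
    """Return (version_label, image_reference) for one image.tag value."""
    tag, digest = split_tag(image_tag)
    if not is_valid_label_value(tag):
        raise ValueError(f"tag {tag!r} is not a valid label value")
    if require_digest and digest is None:
        raise ValueError(f"{image_tag!r} is not pinned by digest")
    reference = f"{repository}:{tag}" + (f"@{digest}" if digest else "")
    return tag, reference


if __name__ == "__main__":
    constructed_digest = "sha256:" + "ab" * 32  # constructed, not a real image
    for value in ("26.5.3", "26.5.3@" + constructed_digest, "26.5.2@sha256:abc123"):
        try:
            print(value, "->", render("registry.example/keycloak", value))
        except ValueError as err:
            print(value, "-> rejected:", err)
```

With `require_digest=True` the same function works as a CI gate that fails when a values file carries a bare tag.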