From dd73b7ac0dfe556c93716fce199746780fd7738e Mon Sep 17 00:00:00 2001
From: "aashiq.jacob@ibm.com" <aashiq.jacob@ibm.com>
Date: Mon, 25 Aug 2025 20:45:28 +0530
Subject: [PATCH 1/4] feat: add support for SHA

---
 main.tf      | 12 +++++++++++-
 variables.tf | 13 ++++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index ef9dbb92..6c4fa522 100644
--- a/main.tf
+++ b/main.tf
@@ -55,7 +55,17 @@ resource "helm_release" "logs_agent" {
   set {
     name  = "image.version"
     type  = "string"
-    value = var.logs_agent_image_version
+    value = split("@", var.logs_agent_image_version)[0]
+  }
+  set {
+    name  = "image.containerSha"
+    type  = "string"
+    value = strcontains(var.logs_agent_image_version, "@") ? split("@", var.logs_agent_image_version)[1] : ""
+  }
+  set {
+    name  = "image.initContainerSha"
+    type  = "string"
+    value = strcontains(var.logs_agent_init_image_version, "@") ? split("@", var.logs_agent_init_image_version)[1] : ""
   }
   set {
     name  = "env.ingestionHost"
diff --git a/variables.tf b/variables.tf
index 67392c01..6ea7f38c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -76,11 +76,22 @@ variable "logs_agent_chart_version" {
   nullable    = false
 }
 
+variable "logs_agent_init_image_version" {
+  description = "The version of the Logs agent init container image to deploy."
+  type        = string
+  default     = "1.6.1@sha256:d2c1bb5a97c0d8950d3dfee016cec4347a6cfa8a43123d9c2eecbdee70500f8b" # datasource: icr.io/ibm/observe/logs-router-agent-init
+  nullable    = false
+}
+
 variable "logs_agent_image_version" {
   description = "The version of the Logs agent image to deploy."
   type        = string
-  default     = "1.6.1" # datasource: icr.io/ibm/observe/logs-agent-helm
+  default     = "1.6.1@sha256:0265b85c698e74dfd9e21ad0332a430a3b398c4f0e590dad314c43b3cd796bce" # datasource: icr.io/ibm/observe/logs-router-agent
   nullable    = false
+  validation {
+    condition     = split("@", var.logs_agent_image_version)[0] == split("@", var.logs_agent_init_image_version)[0]
+    error_message = "The image tags for `logs_agent_init_image_version` and `logs_agent_image_version` should be same."
+  }
 }
 
 variable "logs_agent_name" {

From d797e28c632341f065da47b73caca43907729f8a Mon Sep 17 00:00:00 2001
From: "aashiq.jacob@ibm.com" <aashiq.jacob@ibm.com>
Date: Mon, 25 Aug 2025 20:50:48 +0530
Subject: [PATCH 2/4] update renovate

---
 renovate.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/renovate.json b/renovate.json
index 71db67b2..4bb5b05e 100644
--- a/renovate.json
+++ b/renovate.json
@@ -8,7 +8,7 @@
       "fileMatch": ["variables.tf$"],
       "datasourceTemplate": "docker",
       "matchStrings": [
-        "default\\s*=\\s*\"(?<currentValue>.*)\"\\s*# datasource: (?<depName>[^\\s]+)"
+        "default\\s*=\\s*\"(?<currentValue>[\\w.-]+)@(?<currentDigest>sha256:[a-f0-9]+)\"\\s*# datasource: (?<depName>[^\\s]+)"
       ]
     }
   ]

From c0319764e01ff2e4111644901df17a77c85bf6ee Mon Sep 17 00:00:00 2001
From: "aashiq.jacob@ibm.com" <aashiq.jacob@ibm.com>
Date: Mon, 1 Sep 2025 13:17:19 +0530
Subject: [PATCH 3/4] update

---
 README.md                          | 3 ++-
 examples/logs-agent-ocp/version.tf | 2 +-
 main.tf                            | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 20187336..c617dc49 100644
--- a/README.md
+++ b/README.md
@@ -130,7 +130,8 @@ No modules.
 | <a name="input_logs_agent_iam_api_key"></a> [logs\_agent\_iam\_api\_key](#input\_logs\_agent\_iam\_api\_key) | The IBM Cloud API key for the Logs agent to authenticate and communicate with the IBM Cloud Logs. It is required if `logs_agent_iam_mode` is set to `IAMAPIKey`. | `string` | `null` | no |
 | <a name="input_logs_agent_iam_environment"></a> [logs\_agent\_iam\_environment](#input\_logs\_agent\_iam\_environment) | IAM authentication Environment: `Production` or `PrivateProduction` or `Staging` or `PrivateStaging`. `Production` specifies the public endpoint & `PrivateProduction` specifies the private endpoint. | `string` | `"PrivateProduction"` | no |
 | <a name="input_logs_agent_iam_mode"></a> [logs\_agent\_iam\_mode](#input\_logs\_agent\_iam\_mode) | IAM authentication mode: `TrustedProfile` or `IAMAPIKey`. | `string` | `"TrustedProfile"` | no |
-| <a name="input_logs_agent_image_version"></a> [logs\_agent\_image\_version](#input\_logs\_agent\_image\_version) | The version of the Logs agent image to deploy. | `string` | `"1.6.1"` | no |
+| <a name="input_logs_agent_image_version"></a> [logs\_agent\_image\_version](#input\_logs\_agent\_image\_version) | The version of the Logs agent image to deploy. | `string` | `"1.6.1@sha256:0265b85c698e74dfd9e21ad0332a430a3b398c4f0e590dad314c43b3cd796bce"` | no |
+| <a name="input_logs_agent_init_image_version"></a> [logs\_agent\_init\_image\_version](#input\_logs\_agent\_init\_image\_version) | The version of the Logs agent init container image to deploy. | `string` | `"1.6.1@sha256:d2c1bb5a97c0d8950d3dfee016cec4347a6cfa8a43123d9c2eecbdee70500f8b"` | no |
 | <a name="input_logs_agent_log_source_namespaces"></a> [logs\_agent\_log\_source\_namespaces](#input\_logs\_agent\_log\_source\_namespaces) | The list of namespaces from which logs should be forwarded by agent. If namespaces are not listed, logs from all namespaces will be sent. | `list(string)` | `[]` | no |
 | <a name="input_logs_agent_name"></a> [logs\_agent\_name](#input\_logs\_agent\_name) | The name of the Logs agent. The name is used in all Kubernetes and Helm resources in the cluster. | `string` | `"logs-agent"` | no |
 | <a name="input_logs_agent_namespace"></a> [logs\_agent\_namespace](#input\_logs\_agent\_namespace) | The namespace where the Logs agent is deployed. The default value is `ibm-observe`. | `string` | `"ibm-observe"` | no |
diff --git a/examples/logs-agent-ocp/version.tf b/examples/logs-agent-ocp/version.tf
index 397255ec..2f48bb14 100644
--- a/examples/logs-agent-ocp/version.tf
+++ b/examples/logs-agent-ocp/version.tf
@@ -3,7 +3,7 @@ terraform {
   required_version = ">= 1.9.0"
 
   # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
-  # module's version.tf (logs-agent-iks), and 1 example that will always use the latest provider version (this exammple).
+  # module's version.tf (logs-agent-iks), and 1 example that will always use the latest provider version (this example).
   required_providers {
     ibm = {
       source  = "ibm-cloud/ibm"
diff --git a/main.tf b/main.tf
index 28388e34..b874fb49 100644
--- a/main.tf
+++ b/main.tf
@@ -32,7 +32,7 @@ locals {
     for metadata in var.logs_agent_additional_metadata : {
       (metadata.key) = metadata.value
   }]...) : {}                                                                                                                                       # DO NOT REMOVE "...", it is used to convert list of objects into a single object
-  cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485
+  cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publicly documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485
 }
 
 resource "helm_release" "logs_agent" {

From 8ce3882e82a1fcc90b96e434225a94a7046889f5 Mon Sep 17 00:00:00 2001
From: "aashiq.jacob@ibm.com" <aashiq.jacob@ibm.com>
Date: Wed, 3 Sep 2025 18:34:02 +0530
Subject: [PATCH 4/4] update

---
 ibm_catalog.json                          | 3 +++
 solutions/fully-configurable/main.tf      | 1 +
 solutions/fully-configurable/variables.tf | 9 ++++++++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/ibm_catalog.json b/ibm_catalog.json
index 4cbfa08a..c9dcceb6 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -147,6 +147,9 @@
             {
               "key": "logs_agent_image_version"
             },
+            {
+              "key": "logs_agent_init_image_version"
+            },
             {
               "key": "logs_agent_resources"
             },
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf
index 797e0597..c70b6391 100644
--- a/solutions/fully-configurable/main.tf
+++ b/solutions/fully-configurable/main.tf
@@ -24,6 +24,7 @@ module "logs_agent" {
   logs_agent_chart_location            = var.logs_agent_chart_location
   logs_agent_chart_version             = var.logs_agent_chart_version
   logs_agent_image_version             = var.logs_agent_image_version
+  logs_agent_init_image_version        = var.logs_agent_init_image_version
   logs_agent_name                      = var.logs_agent_name
   logs_agent_namespace                 = var.logs_agent_namespace
   logs_agent_trusted_profile_id        = var.logs_agent_trusted_profile_id
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index 6d9cb9fc..8952cbd2 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -68,10 +68,17 @@ variable "logs_agent_chart_version" {
   nullable    = false
 }
 
+variable "logs_agent_init_image_version" {
+  description = "The version of the Logs agent init container image to deploy."
+  type        = string
+  default     = "1.6.1@sha256:d2c1bb5a97c0d8950d3dfee016cec4347a6cfa8a43123d9c2eecbdee70500f8b" # datasource: icr.io/ibm/observe/logs-router-agent-init
+  nullable    = false
+}
+
 variable "logs_agent_image_version" {
   description = "The version of the Logs agent image to deploy."
   type        = string
-  default     = "1.6.1" # datasource: icr.io/ibm/observe/logs-agent-helm
+  default     = "1.6.1@sha256:0265b85c698e74dfd9e21ad0332a430a3b398c4f0e590dad314c43b3cd796bce" # datasource: icr.io/ibm/observe/logs-router-agent
   nullable    = false
 }