From 142a00230f49effa17eb1e1bc7523d80df6678a7 Mon Sep 17 00:00:00 2001
From: Andrew Block <andy.block@gmail.com>
Date: Fri, 30 Jan 2026 02:31:42 -0600
Subject: [PATCH] Corrections to rendering templatized values into partial plus
 ignore generated pull secrets

Signed-off-by: Andrew Block <andy.block@gmail.com>
---
 charts/qtodo/templates/_helpers.tpl                |  6 +++---
 charts/qtodo/templates/app-deployment.yaml         | 10 +++++-----
 charts/qtodo/templates/postgresql-statefulset.yaml |  2 +-
 values-hub.yaml                                    |  5 +++++
 4 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/charts/qtodo/templates/_helpers.tpl b/charts/qtodo/templates/_helpers.tpl
index d6f8c01b..3666c0a0 100644
--- a/charts/qtodo/templates/_helpers.tpl
+++ b/charts/qtodo/templates/_helpers.tpl
@@ -2,9 +2,9 @@
 Create the image path for the passed in image field
 */}}
 {{- define "qtodo.image" -}}
-{{- if eq (substr 0 7 .version) "sha256:" -}}
-{{- printf "%s@%s" (tpl .name .) (tpl .version .) -}}
+{{- if eq (substr 0 7 (tpl .value.version .context)) "sha256:" -}}
+{{- printf "%s@%s" (tpl .value.name .context) (tpl .value.version .context) -}}
 {{- else -}}
-{{- printf "%s:%s" (tpl .name .) (tpl .version .) -}}
+{{- printf "%s:%s" (tpl .value.name .context) (tpl .value.version .context) -}}
 {{- end -}}
 {{- end -}}
diff --git a/charts/qtodo/templates/app-deployment.yaml b/charts/qtodo/templates/app-deployment.yaml
index 2a59bd76..3dfa0ea6 100644
--- a/charts/qtodo/templates/app-deployment.yaml
+++ b/charts/qtodo/templates/app-deployment.yaml
@@ -88,7 +88,7 @@ spec:
             mountPath: /etc/pki/ca-trust/extracted/pem
             readOnly: true
       - name: init-spiffe-helper
-        image: {{ template "qtodo.image" .Values.app.images.spiffeHelper }}
+        image: {{ template "qtodo.image" (dict "value" .Values.app.images.spiffeHelper "context" $) }}
         imagePullPolicy: {{ .Values.app.images.spiffeHelper.pullPolicy }}
         args:
           - '-config'
@@ -105,7 +105,7 @@ spec:
           - name: svids
             mountPath: /svids
       - name: init-spiffe-vault-client
-        image: {{ template "qtodo.image" .Values.app.images.spiffeVaultClient }}
+        image: {{ template "qtodo.image" (dict "value" .Values.app.images.spiffeVaultClient "context" $) }}
         imagePullPolicy: {{ .Values.app.images.spiffeVaultClient.pullPolicy }}
         command:
           - python3
@@ -140,7 +140,7 @@ spec:
       containers:
 {{- if and .Values.app.spire.enabled .Values.app.spire.sidecars }}
       - name: spiffe-helper
-        image: {{ template "qtodo.image" .Values.app.images.spiffeHelper }}
+        image: {{ template "qtodo.image" (dict "value" .Values.app.images.spiffeHelper "context" $) }}
         imagePullPolicy: {{ .Values.app.images.spiffeHelper.pullPolicy }}
         args:
           - '-config'
@@ -157,7 +157,7 @@ spec:
           - name: svids
             mountPath: /svids
       - name: spiffe-vault-client
-        image: {{ template "qtodo.image" .Values.app.images.spiffeVaultClient }}
+        image: {{ template "qtodo.image" (dict "value" .Values.app.images.spiffeVaultClient "context" $) }}
         imagePullPolicy: {{ .Values.app.images.spiffeVaultClient.pullPolicy }}
         command:
         - python3
@@ -193,7 +193,7 @@ spec:
           readOnly: true
 {{- end }}
       - name: qtodo
-        image: {{ template "qtodo.image" .Values.app.images.main }}
+        image: {{ template "qtodo.image" (dict "value" .Values.app.images.main "context" $) }}
         imagePullPolicy: {{ .Values.app.images.main.pullPolicy }}
         ports:
         - containerPort: 8080
diff --git a/charts/qtodo/templates/postgresql-statefulset.yaml b/charts/qtodo/templates/postgresql-statefulset.yaml
index 7f6890ec..52e99db0 100644
--- a/charts/qtodo/templates/postgresql-statefulset.yaml
+++ b/charts/qtodo/templates/postgresql-statefulset.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
       - name: postgres
-        image: {{ template "qtodo.image" .Values.app.images.postgresql }}
+        image: {{ template "qtodo.image" (dict "value" .Values.app.images.postgresql "context" $) }}
         imagePullPolicy: IfNotPresent
         env:
         - name: POSTGRESQL_DATABASE
diff --git a/values-hub.yaml b/values-hub.yaml
index d23cc8ce..cd5ad94d 100644
--- a/values-hub.yaml
+++ b/values-hub.yaml
@@ -393,6 +393,11 @@ clusterGroup:
       namespace: qtodo
       project: hub
       path: charts/qtodo
+      ignoreDifferences:
+        - group: ""
+          kind: ServiceAccount
+          jqPathExpressions:
+            - .imagePullSecrets[]|select(.name | contains("-dockercfg-"))
       overrides:
         - name: app.oidc.enabled
           value: true