A helm plugin for tracking docker tag hash digests as values
Clone or download
balboah Change method of resolving hashes
Different repositories might not always have the same
metadata hash digest. Use a list of repo hashes instead.
Latest commit 9425eb9 Mar 6, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
cmd/helm-hashtag Change method of resolving hashes Mar 6, 2018
vendor Vendor Mar 2, 2018
.gitignore Initial commit Mar 2, 2018
Gopkg.lock Vendor Mar 2, 2018
Gopkg.toml Vendor Mar 2, 2018
LICENSE Create LICENSE Mar 2, 2018
README.md Change method of resolving hashes Mar 6, 2018
install.sh Initial commit Mar 2, 2018
plugin.yaml Change method of resolving hashes Mar 6, 2018



This plugin stores the docker digest hash of tags locally, as to avoid max tags limitations on 3rd party registries.

The source of truth has to be a Google Container Registry, it is assumed that one repository will be used to lookup digests for all overrides.


The values file needs to contain docker images and tags in the following format:

    repository: eu.gcr.io/foobar/imagename
    tag: foobar

The above value will then be overridden with:

    repository: eu.gcr.io/foobar/imagename@sha256
    tag: <long digest hash>

And stored into a the "hashtag" value file.

Which can then be used as helm values, helm install -f <original-values.yaml> -f <hashtag-values.yaml> ...

Add the repository to the hashtag.yaml

  image: null
# Install the plugin
$ helm plugin install https://github.com/balboah/helm-hashtag --version master

# Update tag hash digest values
$ helm hashtag -f values.yaml --tagfile hashtags.yaml --resolver="https://foobar/path"

# Use the override values
$ helm install -f values.yaml -f hashtags.yaml ...

Resolver format:

The resolver is any http server which serves the correct format.

http GET <resolver-url>/<image>/<tag>


This file content can be generated with:

docker inspect eu.gcr.io/foobar/my-image:tagname -f '{{range .RepoDigests}}{{. | printf "%s\n"}}{{end}}'

Which could be saved in Google Cloud Storage to be used as the resolver:

docker inspect eu.gcr.io/foobar/my-image:tagname -f '{{range .RepoDigests}}{{. | printf "%s\n"}}{{end}}' \
  | gsutil cp - gs://your-bucket-of-tags/my-image/tagname

This will typically be ran in the CI platform that creates the original image.