diff --git a/blueprints/secops/bindplane-gke/README.md b/blueprints/secops/bindplane-gke/README.md
index 85de48b36d..a89beeb99a 100644
--- a/blueprints/secops/bindplane-gke/README.md
+++ b/blueprints/secops/bindplane-gke/README.md
@@ -108,16 +108,16 @@ Access the management console leveraging credentials bootstrapped via terraform
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [bindplane_secrets](variables.tf#L26) | Bindplane secrets. | object({…}) | ✓ | |
-| [network_config](variables.tf#L57) | Shared VPC network configurations to use for GKE cluster. | object({…}) | ✓ | |
-| [prefix](variables.tf#L79) | Prefix used for resource names. | string | ✓ | |
-| [project_id](variables.tf#L98) | Project id, references existing project if `project_create` is null. | string | ✓ | |
-| [region](variables.tf#L103) | GCP region. | string | ✓ | |
-| [bindplane_config](variables.tf#L17) | Bindplane config. | object({…}) | | {} |
-| [cluster_config](variables.tf#L36) | GKE cluster configuration. | object({…}) | | {} |
-| [dns_config](variables.tf#L47) | DNS config. | object({…}) | | {} |
-| [postgresql_config](variables.tf#L69) | Cloud SQL postgresql config. | object({…}) | | {} |
-| [project_create](variables.tf#L89) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null |
+| [bindplane_secrets](variables.tf#L27) | Bindplane secrets. | object({…}) | ✓ | |
+| [network_config](variables.tf#L58) | Shared VPC network configurations to use for GKE cluster. | object({…}) | ✓ | |
+| [prefix](variables.tf#L80) | Prefix used for resource names. | string | ✓ | |
+| [project_id](variables.tf#L99) | Project id, references existing project if `project_create` is null. | string | ✓ | |
+| [region](variables.tf#L104) | GCP region. | string | ✓ | |
+| [bindplane_config](variables.tf#L17) | Bindplane config. | object({…}) | | {} |
+| [cluster_config](variables.tf#L37) | GKE cluster configuration. | object({…}) | | {} |
+| [dns_config](variables.tf#L48) | DNS config. | object({…}) | | {} |
+| [postgresql_config](variables.tf#L70) | Cloud SQL postgresql config. | object({…}) | | {} |
+| [project_create](variables.tf#L90) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null |
## Outputs
diff --git a/blueprints/secops/bindplane-gke/config/values.yaml.tpl b/blueprints/secops/bindplane-gke/config/values.yaml.tpl
index a6098a9355..496f1e160b 100644
--- a/blueprints/secops/bindplane-gke/config/values.yaml.tpl
+++ b/blueprints/secops/bindplane-gke/config/values.yaml.tpl
@@ -34,6 +34,13 @@ config:
# of pods is recommended.
replicas: 2
+image:
+ # -- Image name to be used. Defaults to `ghcr.io/observiq/bindplane-ee`.
+ name: ""
+ # Overrides the image tag whose default is {{ .Chart.AppVersion }}
+ # -- Image tag to use. Defaults to the version defined in the Chart's release.
+ tag: ${tag}
+
resources:
# Allow cpu bursting by leaving limits.cpu unset
requests:
diff --git a/blueprints/secops/bindplane-gke/main.tf b/blueprints/secops/bindplane-gke/main.tf
index 4e0b12c342..6f84c781db 100644
--- a/blueprints/secops/bindplane-gke/main.tf
+++ b/blueprints/secops/bindplane-gke/main.tf
@@ -215,6 +215,7 @@ resource "helm_release" "bindplane" {
gcp_project_id = module.project.project_id
hostname = "${var.dns_config.hostname}.${var.dns_config.domain}"
address = "ingress"
+ tag = var.bindplane_config.image_tag
})]
depends_on = [
diff --git a/blueprints/secops/bindplane-gke/variables.tf b/blueprints/secops/bindplane-gke/variables.tf
index 973c5db189..2b2ca5e115 100644
--- a/blueprints/secops/bindplane-gke/variables.tf
+++ b/blueprints/secops/bindplane-gke/variables.tf
@@ -17,6 +17,7 @@
variable "bindplane_config" {
description = "Bindplane config."
type = object({
+ image_tag = optional(string, "")
tls_certificate_cer = optional(string, null)
tls_certificate_key = optional(string, null)
})