Helm global.replicated Values Schema
This topic describes the global.replicated values that are injected into a Helm chart's values.yaml by the Replicated registry. The information in this topic applies to Helm CLI installations with Replicated.
Overview
During Helm CLI installations with Replicated, the application Helm chart(s) are pulled from the Replicated registry. When an authenticated user pulls a chart from the Replicated registry (with helm pull, helm install, or helm upgrade, or from any OCI-compatible client), the Replicated registry injects customer-specific values into the global.replicated key of the chart's values.yaml file before serving the chart.
These customer-specific values that are injected into the global.replicated key include:
-
The fields in the customer's license, such as the field names, descriptions, signatures, values, and any custom license fields that you define. Vendors can use this license information to check entitlements before the application is installed. For more information, see Check Entitlements in Helm Charts Before Deployment.
-
A base64-encoded Docker configuration file (
global.replicated.dockerconfigjson) that contains registry authentication credentials. To proxy images from an external private registry with the Replicated proxy registry, you use thisglobal.replicated.dockerconfigjsonfield to create an image pull secret for the proxy registry. For more information, see Use the Proxy Registry with Helm CLI Installations.
The following is an example of a Helm values file containing the global.replicated values:
# Helm values.yaml
global:
replicated:
channelName: Stable
customerEmail: username@example.com
customerName: Example Customer
dockerconfigjson: eyJhdXRocyI6eyJd1dIRk5NbEZFVGsxd2JGUmFhWGxYWm5scloyNVRSV1pPT2pKT2NGaHhUVEpSUkU1...
licenseFields:
expires_at:
description: License Expiration
name: expires_at
signature:
v1: iZBpESXx7fpdtnbMKingYHiJH42rP8fPs0x8izy1mODckGBwVoA...
title: Expiration
value: "2023-05-30T00:00:00Z"
valueType: String
licenseID: YiIXRTjiB7R...
licenseType: dev
global.replicated Values Schema
The global.replicated values schema contains the following fields:
| Field | Type | Description |
|---|---|---|
channelName | String | The name of the release channel |
customerEmail | String | The email address of the customer |
customerName | String | The name of the customer |
dockerconfigjson | String | Base64 encoded docker config json for pulling images |
licenseFields | A list containing each license field in the customer's license. Each element under licenseFields has the following properties: description, signature, title, value, valueType. expires_at is the default licenseField that all licenses include. Other elements under licenseField include the custom license fields added by vendors in the Vendor Portal. For more information, see Manage Customer License Fields. | |
licenseFields.[FIELD_NAME].description | String | Description of the license field |
licenseFields.[FIELD_NAME].signature.v1 | Object | Signature of the license field |
licenseFields.[FIELD_NAME].title | String | Title of the license field |
licenseFields.[FIELD_NAME].value | String | Value of the license field |
licenseFields.[FIELD_NAME].valueType | String | Type of the license field value |
licenseID | String | The unique identifier for the license |
licenseType | String | The type of license, such as "dev" or "prod". For more information, see Customer Types in About Customers and Licensing. |
About Securely Storing Charts in Git
For Helm charts distributed with Replicated, teams should take caution when storing the chart's values.yaml file in Git. This is because the Helm chart tarball that is pulled from the Replicated registry contains secrets and other customer-specific values, including the global.replicated.dockerconfigjson registry authentication credentials and customer license data.
For teams that use GitOps or other CI/CD workflows to deploy Helm charts, Replicated recommends that you do one of the following to avoid accidentally exposing secrets or sensitive data in Git:
-
Pull the Helm chart at deploy time only, rather than committing the chart in Git
-
Alternatively, remove the
global.replicatedvalues from the chart'svalues.yamlfile before committing the chart. Then re-inject theglobal.replicatedvalues at deploy time using a secret manager.
Replicated SDK Helm Values
When a user installs a Helm chart that includes the Replicated SDK as a dependency, the SDK injects a set of replicated values in the parent chart's values file. These values include:
- Details about the given application release from the Vendor Portal, such as the version label, channel release sequence, and the release images.
- Details about the customer license, including the complete YAML representation of the customer license. For more information, see Replicated SDK
replicated.licenseValue on this page. - Details about the SDK deployment, such as the Replicated SDK image location and properties, container resource requirements that control CPU and memory allocation, and the pod and container security context.
- Customizable settings for the SDK, such as RBAC settings, custom labels and annotations applied to the SDK Helm chart, and high availability (HA) deployment settings. For more information about how to customize the Replicated SDK, see Customize the Replicated SDK.
For the complete list of Replicated SDK Helm values, see the values.yaml file for the SDK Helm chart in GitHub.
Example
The following is an example of Replicated SDK replicated values for an application named NGINX that was installed in a cluster with Helm. These values are injected in the values.yaml file for the parent Helm chart of the NGINX application.
# NGINX parent Helm chart values.yaml file
replicated:
affinity: null
appID: ""
appName: NGINX
automountServiceAccountToken: false
channelID: 38FsA8b1C8LP6Ifzql89MGXYGwx
channelName: Unstable
channelSequence: 5
clusterRole: ""
commonAnnotations: {}
commonLabels: {}
isAirgap: false
# ... several additional values ommitted for brevity
reportAllImages: false
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 100Mi
restartPolicy: Always
schedulerName: ""
service:
port: 3000
type: ClusterIP
serviceAccountName: ""
statusInformers: null
terminationGracePeriodSeconds: 30
tlsCertSecretName: ""
tolerations: []
topologySpreadConstraints: []
versionLabel: 0.0.2
Replicated SDK replicated.license Value
The Replicated SDK includes a replicated.license value that contains a YAML representation of the customer license. For more information about the built-in fields included in all Replicated licenses, see Built-In License Fields.
The following shows an example of the replicated.license value for a customer named Nitflex:
# NGINX parent Helm chart values.yaml file
replicated:
# YAML representation of the customer's license
license: |
apiVersion: kots.io/v1beta1
kind: License
metadata:
name: nitflex
spec:
appSlug: nginx-shark
channelID: 38FsA8b1C8LP6Ifzql89MGXYGwx
channelName: Unstable
channels:
- channelID: 38FsA8b1C8LP6Ifzql89MGXYGwx
channelName: Unstable
channelSlug: unstable
endpoint: https://replicated.app
isDefault: true
isSemverRequired: true
replicatedProxyDomain: proxy.replicated.com
customerEmail: paige@replicated.com
customerName: Nitflex
endpoint: https://replicated.app
entitlements:
activeUsers:
signature:
v1: eyJsaWNlbnNlRGF0Y...
title: Active Users
value: 25
valueType: Integer
expires_at:
description: License Expiration
signature:
v1: eyJsaWNlbnNlRGF0Y...
title: Expiration
value: ""
valueType: String
isAirgapSupported: true
isEmbeddedClusterDownloadEnabled: true
isSemverRequired: true
isSupportBundleUploadSupported: true
licenseID: 38FtQgjZqjRFAxUnVJXGrlGi2X7
licenseSequence: 4
licenseType: dev
replicatedProxyDomain: proxy.replicated.com
signature: eyJsaWNlbnNlRGF0Y...
The Replicated SDK reads its configuration from Helm values only and does not support reading from Kubernetes Secrets or CSI-mounted volumes. Any values used by the SDK must be set in the chart's values.yaml or with the --set flag during deployment.