# Helm global.replicated values schema

This topic describes the `global.replicated` values that are injected into a Helm chart's `values.yaml` by the Replicated registry. The information in this topic applies to Helm CLI installations with Replicated.

## Overview

During Helm CLI installations with Replicated, the application Helm chart(s) are pulled from the Replicated registry. When an authenticated user pulls a chart from the Replicated registry (with `helm pull`, `helm install`, or `helm upgrade`, or from any OCI-compatible client), the Replicated registry injects customer-specific values into the `global.replicated` key of the chart's `values.yaml` file before serving the chart.

These customer-specific values that are injected into the `global.replicated` key include:

* The fields in the customer's license, such as the field names, descriptions, signatures, values, and any custom license fields that you define. Vendors can use this license information to check entitlements before the application is installed. For more information, see [Check Entitlements in Helm Charts Before Deployment](/vendor/licenses-reference-helm).

* A base64-encoded Docker configuration file (`global.replicated.dockerconfigjson`) that contains registry authentication credentials. To proxy images from an external private registry with the Replicated proxy registry, you use this `global.replicated.dockerconfigjson` field to create an image pull secret for the proxy registry. For more information, see [Use the Proxy Registry with Helm CLI Installations](/vendor/helm-image-registry).

The following is an example of a Helm values file containing the `global.replicated` values:

```yaml
# Helm values.yaml
global:
  replicated:
    channelName: Stable
    customerEmail: username@example.com
    customerName: Example Customer
    dockerconfigjson: eyJhdXRocyI6eyJd1dIRk5NbEZFVGsxd2JGUmFhWGxYWm5scloyNVRSV1pPT2pKT2NGaHhUVEpSUkU1...
    licenseFields:
      expires_at:
        description: License Expiration
        name: expires_at
        signature:
          v1: iZBpESXx7fpdtnbMKingYHiJH42rP8fPs0x8izy1mODckGBwVoA... 
        title: Expiration
        value: "2023-05-30T00:00:00Z"
        valueType: String
    licenseID: YiIXRTjiB7R...
    licenseType: dev
```

## `global.replicated` Values schema

The `global.replicated` values schema contains the following fields:

| Field | Type | Description |
| --- | --- | --- |
| `channelName` | String | The name of the release channel |
| `customerEmail` | String | The email address of the customer |
| `customerName` | String | The name of the customer |
| `dockerconfigjson` | String | Base64 encoded docker config json for pulling images |
| `licenseFields` | | A list containing each license field in the customer's license. Each element under `licenseFields` has the following properties: `description`, `signature`, `title`, `value`, `valueType`. `expires_at` is the default license field that all licenses include. Other elements under `licenseFields` include the custom license fields added by vendors in the Vendor Portal. For more information, see [Manage Customer License Fields](/vendor/licenses-adding-custom-fields). |
| `licenseFields.[FIELD_NAME].description` | String | Description of the license field |
| `licenseFields.[FIELD_NAME].signature.v1` | Object | Signature of the license field |
| `licenseFields.[FIELD_NAME].title` | String | Title of the license field |
| `licenseFields.[FIELD_NAME].value` | String | Value of the license field |
| `licenseFields.[FIELD_NAME].valueType` | String | Type of the license field value |
| `licenseID` | String | The unique identifier for the license |
| `licenseType` | String | The type of license, such as "dev" or "prod". For more information, see [Customer Types](/vendor/licenses-about#customer-types) in _About Customers and Licensing_. |

## About securely storing charts in Git

For Helm charts distributed with Replicated, teams should use caution when storing the chart's `values.yaml` file in Git. This is because the Helm chart tarball that is pulled from the Replicated registry contains secrets and other customer-specific values, including the `global.replicated.dockerconfigjson` registry authentication credentials and customer license data.

For teams that use GitOps or other CI/CD workflows to deploy Helm charts, Replicated recommends that you do one of the following to avoid accidentally exposing secrets or sensitive data in Git:

* Pull the Helm chart at deploy time only, rather than committing the chart in Git

* Alternatively, remove the `global.replicated` values from the chart's `values.yaml` file before committing the chart. Then re-inject the `global.replicated` values at deploy time using a secret manager.
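
One way to implement the second option, as an added example (not Replicated tooling): a standard-library Python filter that empties `global.replicated` in a block-style `values.yaml` before commit and reports which keys it removed, so the same function can back a pre-commit check. The function name, the `{}` placeholder, and the constructed sample are assumptions; flow-style YAML (`global: {replicated: {...}}`) is not handled.

```python
import re

KEY = re.compile(r"^\s*([A-Za-z0-9_.-]+):(\s|$)")

def strip_global_replicated(text):
    """Return (cleaned_text, removed_keys) for a block-style values.yaml."""
    out, removed = [], []
    in_global = False    # inside the top-level `global:` mapping
    g_indent = None      # indent of global's direct children
    rep_indent = None    # indent of `replicated:` while its block is skipped
    child_indent = None  # indent of replicated's direct children
    for line in text.splitlines():
        m = KEY.match(line)
        indent = len(line) - len(line.lstrip(" "))
        # Blank and comment lines never end the block (fail closed).
        filler = not line.strip() or line.lstrip().startswith("#")
        if rep_indent is not None:
            if filler or indent > rep_indent:
                if m and child_indent in (None, indent):
                    child_indent = indent
                    removed.append(m.group(1))
                continue                      # drop the injected line
            rep_indent = None                 # block ended, handle line below
        if m and indent == 0:
            in_global, g_indent = m.group(1) == "global", None
        elif in_global and m:
            g_indent = indent if g_indent is None else g_indent
            if indent == g_indent and m.group(1) == "replicated":
                rep_indent, child_indent = indent, None
                out.append(" " * indent + "replicated: {}  # re-injected at deploy time")
                continue
        out.append(line)
    return "\n".join(out) + "\n", removed

# Constructed sample; the values are placeholders, not real credentials.
SAMPLE = """\
global:
  replicated:
    channelName: Stable
    dockerconfigjson: Q09OU1RSVUNURUQ=
    licenseFields:
      expires_at:
        name: expires_at
        value: "2023-05-30T00:00:00Z"
    licenseID: CONSTRUCTED-ID
  imageRegistry: registry.example.com
replicaCount: 2
"""
```

A non-empty `removed_keys` list means the file still carried injected values, which a pre-commit hook can treat as a failure.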

## Replicated SDK Helm values

When a user installs a Helm chart that includes the Replicated SDK as a dependency, the SDK injects a set of `replicated` values in the parent chart's values file. These values include:
* Details about the given application release from the Vendor Portal, such as the version label, channel release sequence, and the release images.
* Details about the customer license, including the complete YAML representation of the customer license. For more information, see [Replicated SDK `replicated.license` Value](#replicated-sdk-replicatedlicense-value) on this page.
* Details about the SDK deployment, such as the Replicated SDK image location and properties, container resource requirements that control CPU and memory allocation, and the pod and container security context.
* Customizable settings for the SDK, such as RBAC settings, custom labels and annotations applied to the SDK Helm chart, and high availability (HA) deployment settings. For more information about how to customize the Replicated SDK, see [Customize the Replicated SDK](/vendor/replicated-sdk-customizing).

For the complete list of Replicated SDK Helm values, see the [`values.yaml`](https://github.com/replicatedhq/replicated-sdk/blob/main/chart/values.yaml) file for the SDK Helm chart in GitHub.

### Example

The following is an example of Replicated SDK `replicated` values for an application named NGINX that was installed in a cluster with Helm. These values are injected in the `values.yaml` file for the parent Helm chart of the NGINX application.

```yaml
# nginx parent Helm chart values.yaml file

replicated:
  affinity: null
  appID: ""
  appName: NGINX
  automountServiceAccountToken: false
  channelID: 38FsA8b1C8LP6Ifzql89MGXYGwx
  channelName: Unstable
  channelSequence: 5
  clusterRole: ""
  commonAnnotations: {}
  commonLabels: {}
  isAirgap: false
  # ... several additional values omitted for brevity
  readOnlyMode: false
  reportAllImages: false
  resources:
    limits:
      cpu: 500m
      memory: 500Mi
    requests:
      cpu: 100m
      memory: 100Mi
  restartPolicy: Always
  schedulerName: ""
  service:
    port: 3000
    type: ClusterIP
  serviceAccountName: ""
  statusInformers: null
  terminationGracePeriodSeconds: 30
  tlsCertSecretName: ""
  tolerations: []
  topologySpreadConstraints: []
  versionLabel: 0.0.2
```

### Replicated SDK `replicated.license` value

The Replicated SDK includes a `replicated.license` value that contains a YAML representation of the customer license. For more information about the built-in fields included in all Replicated licenses, see [Built-In License Fields](/vendor/licenses-using-builtin-fields).

The following shows an example of the `replicated.license` value for a customer named Nitflex:

```yaml
# nginx parent Helm chart values.yaml file

replicated:
  # YAML representation of the customer's license
  license: |
    apiVersion: kots.io/v1beta1
    kind: License
    metadata:
      name: nitflex
    spec:
      appSlug: nginx-shark
      channelID: 38FsA8b1C8LP6Ifzql89MGXYGwx
      channelName: Unstable
      channels:
        - channelID: 38FsA8b1C8LP6Ifzql89MGXYGwx
          channelName: Unstable
          channelSlug: unstable
          endpoint: https://replicated.app
          isDefault: true
          isSemverRequired: true
          replicatedProxyDomain: proxy.replicated.com
      customerEmail: paige@replicated.com
      customerName: Nitflex
      endpoint: https://replicated.app
      entitlements:
        activeUsers:
          signature:
            v1: eyJsaWNlbnNlRGF0Y...
          title: Active Users
          value: 25
          valueType: Integer
        expires_at:
          description: License Expiration
          signature:
            v1: eyJsaWNlbnNlRGF0Y...
          title: Expiration
          value: ""
          valueType: String
      isAirgapSupported: true
      isEmbeddedClusterDownloadEnabled: true
      isSemverRequired: true
      isSupportBundleUploadSupported: true
      licenseID: 38FtQgjZqjRFAxUnVJXGrlGi2X7
      licenseSequence: 4
      licenseType: dev
      replicatedProxyDomain: proxy.replicated.com
      signature: eyJsaWNlbnNlRGF0Y...
```

The Replicated SDK reads its configuration from Helm values only and does not support reading from Kubernetes Secrets or CSI-mounted volumes. Any values used by the SDK must be set in the chart's `values.yaml` or with the `--set` flag during deployment.