# Use the proxy registry with Helm CLI installations

This topic describes how to configure your application to use the Replicated proxy registry with Helm CLI installations. For more information about the proxy registry, see [About the Replicated Proxy Registry](private-images-about). For more information about installing applications distributed with Replicated using Helm, see [About Helm Installations with Replicated](/vendor/helm-install-overview).

## Overview

During Helm CLI installations with Replicated, after customers provide their unique license ID, a `global.replicated.dockerconfigjson` field that contains a base64 encoded Docker configuration file is automatically injected in the Helm chart values. For more information about how Kubernetes uses the `kubernetes.io/dockerconfigjson` Secret type to provide authentication for a private registry, see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) in the Kubernetes documentation.

The [Replicated SDK](/vendor/replicated-sdk-overview) automatically uses this value to create an image pull secret named `enterprise-pull-secret`. You can configure your Helm chart to use `enterprise-pull-secret` to authenticate with the Replicated proxy registry so that your application images can be proxied.

:::note
The image used by the Replicated SDK is automatically proxied through the proxy registry. No additional configuration is required.
:::

## Prerequisite

Include the Replicated SDK version 1.15.0 or later as a dependency of your Helm chart. See [Install the SDK as a Subchart](replicated-sdk-installing#install-the-sdk-as-a-subchart) in _Install the Replicated SDK_.

If you want to create your own pull secret instead of using the `enterprise-pull-secret` created by the SDK (such as if you manage the pull secret externally), see [(Optional) Create Your Own Pull Secret](#create-pull-secret) on this page.

## Configure your application to use the proxy registry {#use-proxy-registry}

To configure your application to use the proxy registry with Helm CLI installations:

1. <StepCreds/>

1. <StepCustomDomain/>

1. <RewriteHelmValues/>

1. <Helper/>

1. <UseHelper/>

1. If your application is deployed as multiple Helm charts, repeat the previous steps to modify image references and add the pull secret for each of your charts.

1. Package your Helm chart and add it to a release. Promote the release to a development channel. See [Managing Releases with Vendor Portal](releases-creating-releases).

1. Install in a development environment to test your changes. See [Install with Helm](/vendor/install-with-helm).

## (Optional) Create your own image pull secret {#create-pull-secret}

You can optionally create your own image pull secret to authenticate with the Replicated proxy registry instead of using the `enterprise-pull-secret` that is automatically created by the Replicated SDK. You might want to create your own pull secret if you manage the pull secret externally.

To create a pull secret for the proxy registry:

1. In your Helm chart `values.yaml` file, set the Replicated SDK's [`createPullSecret`](https://github.com/replicatedhq/replicated-sdk/blob/main/chart/values.yaml#L181C1-L181C23) value to `false`. When `createPullSecret` is false, the SDK does not automatically create the `enterprise-pull-secret` during installation.

   ```yaml
   # Your Helm chart values.yaml

   replicated:
     createPullSecret: false
   ``` 

1. In your Helm chart templates, add a YAML file that evaluates if the `global.replicated.dockerconfigjson` value is set, and then writes the rendered value into a Secret on the cluster, as shown below.

   The following example names the Secret `enterprise-pull-secret`. If you use a different name, be sure to update any Helm helpers and image references in your chart accordingly. Do not use `replicated` for the name of the image pull secret because the Replicated SDK automatically creates a Secret named `replicated`. Using the same name causes an error.

   ```yaml
   # templates/enterprise-pull-secret.yaml

   {{- $global := default dict .Values.global -}}
   {{- $replicated := default dict (index $global "replicated") -}}
   {{- if hasKey $replicated "dockerconfigjson" }}
   apiVersion: v1
   kind: Secret
   metadata:
     name: enterprise-pull-secret
   type: kubernetes.io/dockerconfigjson
   data:
     .dockerconfigjson: {{ .Values.global.replicated.dockerconfigjson }}
   {{ end }}
   ```

1. Complete the steps in [Configure Your Application to Pull Images Through the Proxy Registry](#use-proxy-registry) to create and use a Helm helper to add the `enterprise-pull-secret` that you created to image references in your chart.