Skip to main content
image.host
string
default:""
Container registry hostname where the CrewAI Platform image is hosted.Default: "" (empty) - Automatically uses global.imageRegistry valueFallback Behavior:When image.host is empty or not set, the chart uses global.imageRegistry (default: "images.crewai.com"). This simplifies configuration by allowing you to set the registry once at the global level.When imageNamePrefixOverride is Set:The image name is automatically simplified:
  • Original: proxy/crewai/crewai/crewai-enterprise-platform
  • With imageNamePrefixOverride: "crewai/" becomes: crewai/crewai-enterprise-platform
See global.imageNamePrefixOverride for details.Common Values:
  • "" - Use global.imageRegistry (recommended)
  • "images.crewai.com" - Replicated proxy registry (explicit override)
  • "docker.io" - Docker Hub
  • "ghcr.io" - GitHub Container Registry
  • Any private registry hostname
Example - Using Global Default:
global:
  imageRegistry: "registry.company.com"

image:
  host: "" # Automatically uses registry.company.com
Example - Component-Specific Override:
global:
  imageRegistry: "registry.company.com"

image:
  host: "special-registry.company.com" # Override for main image only
image.name
string
default:"proxy/crewai/crewai/crewai-enterprise-platform"
Full image name including any registry-specific paths.Format: [registry-path/]organization/repositoryDefault: "proxy/crewai/crewai/crewai-enterprise-platform" - Matches Replicated proxy path structurePath Transformation:When global.imageNamePrefixOverride is set, only the final component (crewai-enterprise-platform) is used with the override prefix.
image.tag
string
default:"0.12.1"
Container image tag to deploy.Common Values:
  • "latest" - Latest stable release
  • "next" - Development/preview builds
  • "0.12.1" - Current version (default)
Production Recommendation: Always use specific version tags (e.g., "0.12.0", "1.2.3") instead of "latest" or "next" to ensure deployment consistency and enable rollback.
image.pullPolicy
string
default:"IfNotPresent"
Kubernetes image pull policy.Valid Values:
  • "Always" - Pull image on every pod start
  • "IfNotPresent" - Pull only if image not present locally
  • "Never" - Never pull, use local image only
Production Recommendation: Use "Always" with specific tags to ensure you get the correct image version, or "IfNotPresent" to reduce registry load if using immutable tags.
image.pullSecret
string
default:"docker-registry"
Name of the Kubernetes secret containing container registry credentials.Important: It is not recommended to set this value manually. When deployed via Replicated KOTS, the docker-registry secret is automatically created with the necessary credentials including Replicated proxy credentials and any additional registries configured in image.registries.Manual Configuration (Non-Replicated Deployments):
kubectl create secret docker-registry docker-registry \
  --docker-server=your-registry.com \
  --docker-username=your-username \
  --docker-password=your-password
image.registries
array
default:"[]"
Additional container registries requiring authentication. Credentials are merged with the Replicated proxy credentials.Schema:Two authentication methods are supported:Method 1: Username/Password (Static Credentials)
image:
  registries:
    - host: "registry.company.com"
      username: "user"
      password: "pass"
    - host: "docker.io"
      username: "dockeruser"
      password: "dockertoken"
Method 2: Credential Helper (Recommended for Cloud Registries)
image:
  registries:
    - host: "123456789012.dkr.ecr.us-west-2.amazonaws.com"
      credHelper: "ecr-login"
Credential Helper Benefits:
  • No static credentials in configuration
  • Automatic token refresh
  • Uses pod IAM/workload identity
  • More secure for cloud registries
Common Credential Helpers:
  • "ecr-login" - AWS ECR (requires IRSA or instance role)
Use Cases:
  • Pulling images from multiple private registries
  • Using Docker Hub for public images with rate limit authentication
  • Accessing internal company registries
  • Cloud-native authentication for AWS ECR