Edit onboarding flow to rewite image names in helm chart

Author: paigecalvert

docs/partials/proxy-service/_step-inject-pull-secret.mdx

@@ -0,0 +1,42 @@
+In the HelmChart v2 custom resource, configure the `values` key to inject the Replicated image pull secret into your Helm values. This provides authentication for the proxy registry. Use the KOTS [ImagePullSecretName](/reference/template-functions-config-context#imagepullsecretname) template function to get the pull secret name.
+
+    <details>
+    <summary>What is the Replicated image pull secret?</summary>
+    <p>During application deployment, KOTS automatically creates an `imagePullSecret` with `type: kubernetes.io/dockerconfigjson` that is based on the customer license. This secret is used to authenticate with the proxy registry and grant proxy access to private images. For information about how Kubernetes uses the `kubernetes.io/dockerconfigjson` Secret type to authenticate to a private image registry, see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) in the Kubernetes documentation.</p>
+    </details>
+
+    **Example**:
+
+    ```yaml
+    # kots.io/v1beta2 HelmChart custom resource
+
+    apiVersion: kots.io/v1beta2
+    kind: HelmChart
+    metadata:
+      name: samplechart
+    spec:
+      values:
+        image: 
+          # Get the pull secret name with ImagePullSecretName
+          pullSecrets:
+            - name: '{{repl ImagePullSecretName }}'
+    ```
+    Ensure that you provide this pull secret in any Pod definitions that reference images to be pulled through the proxy registry.
+
+    **Example**:
+
+    ```yaml
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      name: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: {{ .Values.image.registry }}/{{ .Values.image.repository }}
+      # Access the value to provide the KOTS pull secret
+      {{- with .Values.image.pullSecrets }}
+      imagePullSecrets:
+      {{- toYaml . | nindent 2 }}
+      {{- end }}
+    ```

docs/partials/proxy-service/_step-rewrite-helm-values.mdx

@@ -0,0 +1,33 @@
+In your Helm chart values file, set your image repository URL to the location of the image on the proxy registry. If you added a custom domain, use your custom domain. Otherwise, use `proxy.replicated.com`.
+
+    The proxy registry URL has the following format: `DOMAIN/proxy/APP_SLUG/EXTERNAL_REGISTRY_IMAGE_URL`
+    
+    Where:
+    * `DOMAIN` is either `proxy.replicated.com` or your custom domain.
+    * `APP_SLUG` is the unique slug of your application.
+    * `EXTERNAL_REGISTRY_IMAGE_URL` is the path to the private image on your external registry.
+    
+    **Example:**
+
+    ```yaml
+    # values.yaml
+    api:
+      image:
+        # proxy.replicated.com or your custom domain
+        registry: proxy.replicated.com
+        repository: proxy/your-app/ghcr.io/cloudnative-pg/cloudnative-pg
+        tag: catalog-1.24.0
+    ```
+
+    Ensure that any references to the image in your Helm chart access the field from your values file.  
+
+    **Example**:
+
+      ```yaml
+      apiVersion: v1
+      kind: Pod
+      spec:
+        containers:
+          - name: api 
+              # Access the registry, repository, and tag fields from the values file
+              image: {{ .Values.images.api.registry }}/{{ .Values.images.api.repository }}:{{ .Values.images.api.tag }}

docs/vendor/replicated-onboarding.mdx

@@ -6,6 +6,9 @@ import Requirements from "../partials/embedded-cluster/_requirements.mdx"
 import SDKOverview from "../partials/replicated-sdk/_overview.mdx"
 import TestYourChanges from "../partials/getting-started/_test-your-changes.mdx"
 import UnauthorizedError from "../partials/replicated-sdk/_401-unauthorized.mdx"
+import StepCreds from "../partials/proxy-service/_step-creds.mdx"
+import RewriteHelmValues from "../partials/proxy-service/_step-rewrite-helm-values.mdx"
+import InjectPullSecret from "../partials/proxy-service/_step-inject-pull-secret.mdx"
 
 # Onboard to the Replicated Platform
 
@@ -83,11 +86,25 @@ To create an application:
    export REPLICATED_APP=my-app
    ```
 
-### Task 2: Connect Your Image Registry
+### Task 2: Rewrite Image Names in Helm Values to Use the Proxy Registry
 
-Add credentials for your image registry to the Vendor Portal. This will allow you to use the Replicated proxy registry in a later step so that you can grant proxy access to application images without exposing registry credentials to your customers.
+Update your Helm values to rewrite image names to use the Replicated proxy registry. The proxy regsitry allows you can grant proxy access to application images without exposing registry credentials to your customers.
 
-For more information, see [Connect to an External Registry](/vendor/packaging-private-images).
+:::note
+You will add a custom domain for the proxy registry as part of [Task 9: Alias Replicated Endpoints with Your Own Domains](#task-9-alias-replicated-endpoints-with-your-own-domains).
+:::
+
+To rewrite image names to use the proxy registry:
+
+1. <StepCreds/>
+
+1. <RewriteHelmValues/>
+
+1. If your application is deployed as multiple Helm charts, repeat the previous step to rewrite image names in the Helm values for each of your charts.
+
+1. Continue to the next task.
+
+   As part of [Task 4: Create the Initial Release with KOTS HelmChart and Embedded Cluster Config](#first-release), you will inject a Replicated-generated pull secret into your Helm values that grants authentication to pull your private images through the proxy registry.
 
 ### Task 3: Add the Replicated SDK and Package your Chart
 
@@ -146,15 +163,32 @@ To create the first release for your application:
 
       For more information, see [Use Embedded Cluster](/vendor/embedded-overview).
 
-   1. Create a new YAML file. In this file, configure the KOTS HelmChart custom resource by completing the workflow in [Configuring the HelmChart Custom Resource](helm-native-v2-using).
+   1. Create a new YAML file named `YOUR_CHART_NAME.yaml`. For example, `samplechart.yaml`. In the file, add the following to create the KOTS HelmChart v2 custom resource for your primary Helm chart, updating the fields as needed to match the name and version of the chart:
+
+      ```yaml
+      # KOTS HelmChart custom resource
+      apiVersion: kots.io/v1beta2
+      kind: HelmChart
+      metadata:
+        name: samplechart
+      spec:
+        chart:
+          # name must match the chart name from the .tgz chart archive
+          name: samplechart
+          # chartVersion must match the chart version from the .tgz chart archive
+          chartVersion: 1.2.3 
+      ```
+      For more information about configuring these fields, see [HelmChart v2](custom-resource-helmchart-v2).    
    
       <details>
       <summary>What is the KOTS HelmChart custom resource?</summary>
       
-      The KOTS HelmChart custom resource is required to install Helm charts with KOTS and Embedded Cluster. As part of configuring the KOTS HelmChart custom resource, you will rewrite image names and add image pull secrets to allow your application images to be accessed through the Replicated proxy registry.
+      The KOTS HelmChart custom resource is required to install Helm charts with KOTS and Embedded Cluster.
       </details>
 
-   1. If your application is deployed as multiple Helm charts, repeat the step above to add a separate HelmChart custom resource for each Helm chart archive in the release.
+   1. <InjectPullSecret/>
+   
+   1. If your application is deployed as multiple Helm charts, repeat the previous steps to add and configure a separate HelmChart custom resource for each Helm chart archive in the release.
 
    1. If there are values in any of your Helm charts that need to be set for the installation to succeed, you can set those values using the `values` key in the corresponding HelmChart custom resource. See [Set Helm Values with KOTS](/vendor/helm-optional-value-keys).
 
@@ -464,9 +498,11 @@ To add support for air gap installations:
    For many applications, running `helm template` with the default values would not yield all the images required to install. In these cases, vendors can pass the additional values in the `builder` key to ensure that the air gap bundle includes all the necessary images.
    </details>
 
-1. If you have not done so already as part of [Task 4: Create and Install the Initial Release](#first-release), ensure that the `values` key in the KOTS HelmChart custom resource correctly rewrites image names for air gap installations. This is done using the KOTS HasLocalRegistry, LocalRegistryHost, and LocalRegistryNamespace template functions to render the location of the given image in the user's own local registry.
+1. For each Helm chart in your release, update the KOTS HelmChart custom resource `optionalValues` key to conditionally rewrite image names for air gap installations. This is done using the KOTS HasLocalRegistry, LocalRegistryHost, and LocalRegistryNamespace template functions to render the location of the given image in the user's own local registry.
+
+   For more information, see [Rewrite Image Names with HelmChart v2 for Local Registries](/vendor/helmchart-local-registries).
 
-   For more information, see [Rewrite Image Names](/vendor/helm-native-v2-using#rewrite-image-names) in _Configuring the HelmChart Custom Resource v2_.
+1. If your application uses any public Docker Hub images that are rate limited, configure the HelmChart v2 custom resource `values` key to add a Replicated image pull secret to any Docker images that could be rate-limited. This pull secret allows any users that configure a local registry to avoid rate limits. For more information, see [Avoid Docker Hub Rate Limits](/enterprise/image-registry-rate-limits).
 
 1. Create and promote a new release with your changes. For more information, see [Manage Releases with the Vendor Portal](releases-creating-releases) or [Managing Releases with the CLI](releases-creating-cli).