# ConfigValues

This topic describes the Replicated ConfigValues resource. Use ConfigValues to set application configuration values during automated or headless installations from the command line.

## Overview

The ConfigValues resource lists the values and defaults for each application configuration item defined in the Replicated [Config](custom-resource-config) resource in the release.

In automated or headless installations, end users set configuration values from the command line rather than through the UI. They provide a ConfigValues resource with the install command.

The following image shows how application configuration items defined a Config resource map to a ConfigValues resource:

![Config fields mapped from Config resource to ConfigValues resource](/images/configvalues-diagram.png)

[View a larger version of this image](/images/configvalues-diagram.png)

As shown in the preceding image, the `values` key in the ConfigValues resource lists each item from the Config resource by its `name`. For each item, the ConfigValues resource lists the user-supplied value and the default defined in the Config resource (if applicable).

## Example

```yaml
apiVersion: kots.io/v1beta1
kind: ConfigValues
spec:
  values:
    config_item_name:
      default: example_default_value
      value: example_value
    boolean_config_item_name:
      value: "1"
    password_config_item_name:
      valuePlaintext: exampleplaintextpassword
    select_one_config_item_name:
      default: default_option_name
      value: selected_option_name  
```

## Requirements

* Linux operating system

* x86-64 architecture

* systemd

* At least 2GB of memory and 2 CPU cores

* The disk on the host must have a maximum P99 write latency of 10 ms. This supports etcd performance and stability. For more information about the disk write latency requirements for etcd, see [Disks](https://etcd.io/docs/latest/op-guide/hardware/#disks) in _Hardware recommendations_ and [What does the etcd warning “failed to send out heartbeat on time” mean?](https://etcd.io/docs/latest/faq/) in the etcd documentation.

* The user performing the installation must have root access to the machine, such as with `sudo`.

* The data directory used by Embedded Cluster must have 40Gi or more of total space and be less than 80% full. By default, the data directory is `/var/lib/APP_SLUG`, where `APP_SLUG` is the unique slug of the application. The directory can be changed by passing the `--data-dir` flag with the Embedded Cluster `install` command. For more information, see [install](/embedded-cluster/v3/embedded-cluster-install).

   Note that in addition to the primary data directory, Embedded Cluster creates directories and files in the following locations:

      - `/etc/cni`
      - `/etc/k0s`
      - `/opt/cni`
      - `/opt/containerd`
      - `/run/calico`
      - `/run/containerd`
      - `/run/k0s`
      - `/sys/fs/cgroup/kubepods`
      - `/sys/fs/cgroup/system.slice/containerd.service`
      - `/sys/fs/cgroup/system.slice/k0scontroller.service`
      - `/usr/libexec/k0s`
      - `/var/lib/calico`
      - `/var/lib/cni`
      - `/var/lib/containers`
      - `/var/lib/kubelet`
      - `/var/log/calico`
      - `/var/log/containers`
      - `/var/log/APP_SLUG`, where `APP_SLUG` is the unique slug for the application
      - `/var/log/pods`
      - `/usr/local/bin/k0s`

* (Online installations only) Access to replicated.app and proxy.replicated.com or your custom domain for each

* Embedded Cluster is based on k0s, so all k0s system requirements and external runtime dependencies apply. See [System requirements](https://docs.k0sproject.io/stable/system-requirements/) and [External runtime dependencies](https://docs.k0sproject.io/stable/external-runtime-deps/) in the k0s documentation.

## Limitation

Replicated template functions are not supported in the ConfigValues resource. To use a template function for a config item's value, add it to the `default` or `value` property in the [Config](custom-resource-config) resource instead.

For more information about working with Replicated template functions, see [About Replicated Template Functions](/reference/template-functions-about).

## ConfigValues spec

### values.[item_name].default

The item's default value, as defined in the [Config](custom-resource-config) custom resource in the release.

#### Example

```yaml
apiVersion: kots.io/v1beta1
kind: ConfigValues
spec:
  values:
    certificate_source:
      default: generate_internal
    deploy_postgres:
      default: "1"
      value: "0"
    service_type:
      default: cluster_ip
      value: node_port
    node_port_port:
      default: "443"
      value: "3000"     
```

### values.[item_name].value

The user-supplied value for the application configuration item.

#### Example

```yaml
apiVersion: kots.io/v1beta1
kind: ConfigValues
spec:
  values:
    slack_clientid:
      value: T057KR02S
    slackernews_domain:
      value: hello.ingress.replicatedcluster.com
    slackernews_admin_user_emails:
      value: mandy@nitflex.com, jeff@nitflex.com, anil@nitflex.com  
    service_type:
      value: node_port
    node_port_port:
      value: "443"  
```
:::note
For KOTS or Embedded Cluster v2 installations, the `value` property in the auto-generated ConfigValues might also contain one of the following:
* A value rendered by a Replicated template function. For example, a [`hidden`](/reference/custom-resource-config#hidden) item defined in the Config resource could use the Replicated [RandomString](/reference/template-functions-static-context#randomstring) template function to set the value with `value: repl{{ RandomString 40}}`. In this case, the template function generates the value for the item in the ConfigValues, not the user. For more information about using Replicated template functions, see [About Replicated Template Functions](/reference/template-functions-about).
* An encrypted empty string. For any `password` configuration items without a user-supplied value, the Admin Console sets the value to an empty string. In the ConfigValues generated for the installation, this empty string is automatically encrypted.
* An empty mapping (`{}`). For configuration items without a user-supplied `value` or a `default`, KOTS sets the value to `{}`.
:::

### values.[item_name].valuePlaintext {#valueplaintext}

A plain text value. For any configuration items of type [`password`](/reference/custom-resource-config#password), provide the password in plain text in the `valuePlaintext` property rather than in the `value` property.

During installation, the installer encrypts the values set in `valuePlaintext`. In the ConfigValues resource automatically generated as part of installation, the installer saves these encrypted values in `value` properties. The following image shows how the installer encrypts a `valuePlaintext` value and adds it to a `value` property during installation:

![valuesPlaintext field in ConfigValues](/images/configvalues-plaintext.png)

[View a larger version of this image](/images/configvalues-plaintext.png)

#### Example

```yaml
apiVersion: kots.io/v1beta1
kind: ConfigValues
spec:
  values:
    slack_bot_token:
      valuePlaintext: examplebottoken
    slack_clientsecret:
      valuePlaintext: exampleclientsecret
    slack_user_token:
      valuePlaintext: exampleusertoken
```

## (KOTS and Embedded Cluster v2 Only) Download the ConfigValues for an installation {#download}

This section applies only to installations with KOTS in an existing cluster or with Embedded Cluster v2.

To get the ConfigValues file from an installed application instance:

1. Install the target release in a development environment. You can either install the release with Replicated Embedded Cluster or install in an existing cluster with KOTS. For more information, see [Online Installation with Embedded Cluster](/embedded-cluster/v3/installing-embedded) or [Online Installation in Existing Clusters](/enterprise/installing-existing-cluster).

1. Depending on the installer that you used, do one of the following to get the ConfigValues for the installed instance:

   * **For Embedded Cluster installations**: In the Admin Console, go to the **View files** tab. In the filetree, go to **upstream > userdata** and open **config.yaml**, as shown in the image below: 

       ![ConfigValues file in the Admin Console View Files tab](/images/admin-console-view-files-configvalues.png)

       [View a larger version of this image](/images/admin-console-view-files-configvalues.png)

   * **For KOTS installations in an existing cluster**: Run the `kubectl kots get config` command to view the generated ConfigValues file:

       ```bash
       kubectl kots get config --namespace APP_NAMESPACE --decrypt 
       ```
       Where:
       * `APP_NAMESPACE` is the cluster namespace where KOTS is running.
       * The `--decrypt` flag decrypts all configuration fields with `type: password`. In the downloaded ConfigValues file, the decrypted value is stored in a `valuePlaintext` field.

       The output of the `kots get config` command shows the contents of the ConfigValues file. For more information about the `kots get config` command, including additional flags, see [kots get config](/reference/kots-cli-get-config).