From ca4c94eb605cc970a4dd4c15c6920816dad9fb7d Mon Sep 17 00:00:00 2001
From: Adam Anthony <adam@replicated.com>
Date: Fri, 17 Apr 2026 12:55:29 -0400
Subject: [PATCH] fix: use EC3 image functions and clean up preflight for
 airgap

- helmchart.yaml: use ReplicatedImageRegistry/Repository for proper
  online vs airgap image routing; remove broken IsEmbeddedCluster
  function and preflight.excludeReachability block
- deployment.yaml: support image.registry/repository split (EC path)
  with imageProxy fallback for direct Helm installs
- values.yaml: add image.registry default, remove excludeReachability
- preflight.yaml: remove excludeReachability excludes, change
  reachability fail->warn so airgap installs are not blocked

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 chart/gameshelf/templates/deployment.yaml |  4 +++-
 chart/gameshelf/templates/preflight.yaml  |  6 ++----
 chart/gameshelf/values.yaml               |  2 +-
 helmchart.yaml                            | 12 +++++-------
 4 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/chart/gameshelf/templates/deployment.yaml b/chart/gameshelf/templates/deployment.yaml
index 4dbbc0e..3190ca6 100644
--- a/chart/gameshelf/templates/deployment.yaml
+++ b/chart/gameshelf/templates/deployment.yaml
@@ -25,7 +25,9 @@ spec:
       {{- end }}
       containers:
         - name: gameshelf
-          {{- if .Values.imageProxy.host }}
+          {{- if .Values.image.registry }}
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          {{- else if .Values.imageProxy.host }}
           image: "{{ .Values.imageProxy.host }}/proxy/{{ .Values.imageProxy.appSlug }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           {{- else }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
diff --git a/chart/gameshelf/templates/preflight.yaml b/chart/gameshelf/templates/preflight.yaml
index 226cd20..586e6e1 100644
--- a/chart/gameshelf/templates/preflight.yaml
+++ b/chart/gameshelf/templates/preflight.yaml
@@ -25,7 +25,6 @@ stringData:
             exclude: {{ .Values.postgresql.enabled }}
         - http:
             collectorName: replicated-app-reachability
-            exclude: {{ .Values.preflight.excludeReachability }}
             get:
               url: {{ .Values.preflight.requiredEndpoint }}
               timeout: 10s
@@ -45,14 +44,13 @@ stringData:
         - http:
             checkName: Replicated App Reachability
             collectorName: replicated-app-reachability
-            exclude: {{ .Values.preflight.excludeReachability }}
             outcomes:
               - pass:
                   when: "statusCode == 200"
                   message: Successfully reached replicated.app. License validation will work correctly.
-              - fail:
+              - warn:
                   when: "error"
-                  message: "Cannot reach replicated.app. Outbound internet access on port 443 is required for license validation. Check firewall or proxy settings."
+                  message: "Cannot reach replicated.app. Outbound internet access on port 443 is required for online license validation. Air-gapped installs can ignore this warning."
               - warn:
                   message: "Received an unexpected response from replicated.app. License validation may be affected."
         - nodeResources:
diff --git a/chart/gameshelf/values.yaml b/chart/gameshelf/values.yaml
index fefc1f7..00d8a98 100644
--- a/chart/gameshelf/values.yaml
+++ b/chart/gameshelf/values.yaml
@@ -14,6 +14,7 @@ imageProxy:
   appSlug: gameshelf
 
 image:
+  registry: ""  # When set, used directly as registry (EC installs set this via helmchart.yaml)
   repository: ghcr.io/aa-replicated/gameshelf
   tag: ""
   pullPolicy: Always
@@ -121,7 +122,6 @@ preflight:
   minCPU: 2
   minMemory: 4Gi
   requiredEndpoint: "https://replicated.app"
-  excludeReachability: false
 
 replicated:
   enabled: true
diff --git a/helmchart.yaml b/helmchart.yaml
index 9dae91c..ac6dc94 100644
--- a/helmchart.yaml
+++ b/helmchart.yaml
@@ -8,24 +8,22 @@ spec:
     chartVersion: "0.0.0"
   values:
     adminSecret: repl{{ ConfigOption `admin_secret`}}
-    preflight:
-      excludeReachability: repl{{ and IsEmbeddedCluster (not IsOnline) }}
     siteName: repl{{ ConfigOption `site_name`}}
     siteColor: repl{{ ConfigOption `site_color`}}
     customBrandingEnabled: repl{{ LicenseFieldValue `custom_branding_enabled` }}
-    imageProxy:
-      host: ""
     image:
+      registry: 'repl{{ ReplicatedImageRegistry "proxy.replicated.com/proxy/gameshelf/ghcr.io/aa-replicated/gameshelf" }}'
+      repository: 'repl{{ ReplicatedImageRepository "proxy.replicated.com/proxy/gameshelf/ghcr.io/aa-replicated/gameshelf" }}'
       pullPolicy: IfNotPresent
     postgresql:
       image:
-        registry: ""
+        registry: 'repl{{ ReplicatedImageRegistry "proxy.replicated.com/proxy/gameshelf/index.docker.io" }}'
       volumePermissions:
         image:
-          registry: ""
+          registry: 'repl{{ ReplicatedImageRegistry "proxy.replicated.com/proxy/gameshelf/index.docker.io" }}'
     redis:
       image:
-        registry: ""
+        registry: 'repl{{ ReplicatedImageRegistry "proxy.replicated.com/proxy/gameshelf/index.docker.io" }}'
   builder:
     postgresql:
       image: