From 9b9a439004e1a0d0a93438abfc8ee638565f9324 Mon Sep 17 00:00:00 2001 From: Paul Gottschling Date: Wed, 8 Jan 2025 10:57:52 -0500 Subject: [PATCH] Clarify distroless images in Helm values Responds to hugoShaka feedback. --- .../zz_generated.teleport-kube-agent.mdx | 6 ++++-- examples/chart/teleport-cluster/values.yaml | 10 ++++++---- examples/chart/teleport-kube-agent/values.yaml | 6 ++++-- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/docs/pages/includes/helm-reference/zz_generated.teleport-kube-agent.mdx b/docs/pages/includes/helm-reference/zz_generated.teleport-kube-agent.mdx index 116dcbafd0656..45e31399cbda9 100644 --- a/docs/pages/includes/helm-reference/zz_generated.teleport-kube-agent.mdx +++ b/docs/pages/includes/helm-reference/zz_generated.teleport-kube-agent.mdx @@ -1112,7 +1112,8 @@ For this reason, it is strongly discouraged to set a custom image when using automatic updates. Teleport Cloud uses automatic updates by default. -Hardened distroless images are used by default. +By default, the image contains only the Teleport application and its runtime +dependencies, and does not contain a shell. This setting only takes effect when [`enterprise`](#enterprise) is `false`. When running an enterprise version, you must use [`enterpriseImage`](#enterpriseImage) instead. @@ -1138,7 +1139,8 @@ Teleport-published image. using automatic updates. Teleport Cloud uses automatic updates by default. -Hardened distroless images are used by default. +By default, the image contains only the Teleport application and its runtime +dependencies, and does not contain a shell. This setting only takes effect when [`enterprise`](#enterprise) is `true`. When running an enterprise version, you must use [`image`](#image) instead. diff --git a/examples/chart/teleport-cluster/values.yaml b/examples/chart/teleport-cluster/values.yaml index 2596ddac913cd..6a11b492a9879 100644 --- a/examples/chart/teleport-cluster/values.yaml +++ b/examples/chart/teleport-cluster/values.yaml @@ -568,11 +568,13 @@ tls: # Values that you shouldn't need to change. ################################################## -# Container image for the cluster. -# Hardened distroless images are used by default. +# Container image for the cluster. By default, the image contains only the +# Teleport application and its runtime dependencies, and does not contain a +# shell. image: public.ecr.aws/gravitational/teleport-distroless -# Enterprise version of the image -# Hardened distroless images are used by default. +# Enterprise version of the image. By default, the image contains only the +# Teleport application and its runtime dependencies, and does not contain a +# shell. enterpriseImage: public.ecr.aws/gravitational/teleport-ent-distroless # Optional array of imagePullSecrets, to use when pulling from a private registry imagePullSecrets: [] diff --git a/examples/chart/teleport-kube-agent/values.yaml b/examples/chart/teleport-kube-agent/values.yaml index 802547973e1cf..56c014ef7776b 100644 --- a/examples/chart/teleport-kube-agent/values.yaml +++ b/examples/chart/teleport-kube-agent/values.yaml @@ -881,7 +881,8 @@ adminClusterRoleBinding: # automatic updates. Teleport Cloud uses automatic updates by default. # # -# Hardened distroless images are used by default. +# By default, the image contains only the Teleport application and its runtime +# dependencies, and does not contain a shell. # This setting only takes effect when [`enterprise`](#enterprise) is `false`. # When running an enterprise version, you must use # [`enterpriseImage`](#enterpriseImage) instead. @@ -902,7 +903,8 @@ image: public.ecr.aws/gravitational/teleport-distroless # using automatic updates. Teleport Cloud uses automatic updates by default. # # -# Hardened distroless images are used by default. +# By default, the image contains only the Teleport application and its runtime +# dependencies, and does not contain a shell. # This setting only takes effect when [`enterprise`](#enterprise) is `true`. # When running an enterprise version, you must use [`image`](#image) instead. enterpriseImage: public.ecr.aws/gravitational/teleport-ent-distroless