From 9953abff12185c85e28cea2c4fd79e8a0113f3b2 Mon Sep 17 00:00:00 2001
From: William Ong <william@tigera.io>
Date: Mon, 24 Mar 2025 09:43:58 -0700
Subject: [PATCH 1/4] Change default state to Disabled

---
 calico-cloud/get-started/install-automated.mdx                | 4 ++--
 calico-cloud/get-started/install-cluster.mdx                  | 4 ++--
 .../version-20-2/get-started/install-automated.mdx            | 4 ++--
 .../version-20-2/get-started/install-private-registry.mdx     | 4 ++--
 .../version-21-1/get-started/install-automated.mdx            | 4 ++--
 .../version-21-1/get-started/install-cluster.mdx              | 4 ++--
 .../version-21-1/get-started/install-private-registry.mdx     | 4 ++--
 7 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/calico-cloud/get-started/install-automated.mdx b/calico-cloud/get-started/install-automated.mdx
index d4e0e8d241..9b8519779e 100644
--- a/calico-cloud/get-started/install-automated.mdx
+++ b/calico-cloud/get-started/install-automated.mdx
@@ -82,10 +82,10 @@ These features can be enabled or diabled only by setting them in your `values.ya
 
 | Feature name | Parameter | Values |
 |---------|-----|--------|
-| Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+| Image Assurance | `installer.components.imageAssurance.state` | `Enabled`, `Disabled` (default) |
 | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default) |
 | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default) |
-| Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
+| Compliance Reports | `installer.components.compliance.enabled` | `true`, `false` (default) |
 
 :::note
 
diff --git a/calico-cloud/get-started/install-cluster.mdx b/calico-cloud/get-started/install-cluster.mdx
index bfeefe5087..c68cc729be 100644
--- a/calico-cloud/get-started/install-cluster.mdx
+++ b/calico-cloud/get-started/install-cluster.mdx
@@ -48,10 +48,10 @@ You can quickly connect a cluster to Calico Cloud by generating a unique kubectl
 
    | Feature | Key | Values |
    |---------|-----|--------|
-   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled`, `Disabled` (default) |
    | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
    | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
-   | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
+   | Compliance Reports | `installer.components.compliance.enabled` | `true`, `false` (default) |
 
    ```bash title="Example of generated Helm command with user-added parameters"
    helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds --namespace calico-cloud --create-namespace && helm upgrade --install calico-cloud calico-cloud/calico-cloud --namespace calico-cloud --set apiKey=ryl34elz8:9dav6eoag:ifk1uwruwlgp7vzn7ecijt5zjbf5p9p1il1ag8877ylwjo4muu19wzg2g8x5qa7x --set installer.clusterName=my-cluster --set installer.calicoCloudVersion=v19.1.0 \
diff --git a/calico-cloud_versioned_docs/version-20-2/get-started/install-automated.mdx b/calico-cloud_versioned_docs/version-20-2/get-started/install-automated.mdx
index d4e0e8d241..9b8519779e 100644
--- a/calico-cloud_versioned_docs/version-20-2/get-started/install-automated.mdx
+++ b/calico-cloud_versioned_docs/version-20-2/get-started/install-automated.mdx
@@ -82,10 +82,10 @@ These features can be enabled or diabled only by setting them in your `values.ya
 
 | Feature name | Parameter | Values |
 |---------|-----|--------|
-| Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+| Image Assurance | `installer.components.imageAssurance.state` | `Enabled`, `Disabled` (default) |
 | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default) |
 | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default) |
-| Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
+| Compliance Reports | `installer.components.compliance.enabled` | `true`, `false` (default) |
 
 :::note
 
diff --git a/calico-cloud_versioned_docs/version-20-2/get-started/install-private-registry.mdx b/calico-cloud_versioned_docs/version-20-2/get-started/install-private-registry.mdx
index 0fb15751c1..2da49c9478 100644
--- a/calico-cloud_versioned_docs/version-20-2/get-started/install-private-registry.mdx
+++ b/calico-cloud_versioned_docs/version-20-2/get-started/install-private-registry.mdx
@@ -37,11 +37,11 @@ You can perform a Helm installation from images stored on a private registry.
 
    | Feature | Key | Values |
    |---------|-----|--------|
-   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled`, `Disabled` (default) |
    | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
 
    | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
-   | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
+   | Compliance Reports | `installer.components.compliance.enabled` | `true`, `false` (default) |
 
    ```bash title="Example of generated Helm command with user-added parameters"
    helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds --namespace calico-cloud --create-namespace && helm upgrade --install calico-cloud calico-cloud/calico-cloud --namespace calico-cloud --set apiKey=ryl34elz8:5kdv6siag:ifk1uwruwlgp7vzn7ecijt5zjbf5p9p1il1ag8877ylwjo4muu19wzg2g8x5qa7x --set installer.clusterName=my-cluster --set installer.calicoCloudVersion=v19.1.0 \
diff --git a/calico-cloud_versioned_docs/version-21-1/get-started/install-automated.mdx b/calico-cloud_versioned_docs/version-21-1/get-started/install-automated.mdx
index d4e0e8d241..9b8519779e 100644
--- a/calico-cloud_versioned_docs/version-21-1/get-started/install-automated.mdx
+++ b/calico-cloud_versioned_docs/version-21-1/get-started/install-automated.mdx
@@ -82,10 +82,10 @@ These features can be enabled or diabled only by setting them in your `values.ya
 
 | Feature name | Parameter | Values |
 |---------|-----|--------|
-| Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+| Image Assurance | `installer.components.imageAssurance.state` | `Enabled`, `Disabled` (default) |
 | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default) |
 | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default) |
-| Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
+| Compliance Reports | `installer.components.compliance.enabled` | `true`, `false` (default) |
 
 :::note
 
diff --git a/calico-cloud_versioned_docs/version-21-1/get-started/install-cluster.mdx b/calico-cloud_versioned_docs/version-21-1/get-started/install-cluster.mdx
index bfeefe5087..c68cc729be 100644
--- a/calico-cloud_versioned_docs/version-21-1/get-started/install-cluster.mdx
+++ b/calico-cloud_versioned_docs/version-21-1/get-started/install-cluster.mdx
@@ -48,10 +48,10 @@ You can quickly connect a cluster to Calico Cloud by generating a unique kubectl
 
    | Feature | Key | Values |
    |---------|-----|--------|
-   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled`, `Disabled` (default) |
    | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
    | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
-   | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
+   | Compliance Reports | `installer.components.compliance.enabled` | `true`, `false` (default) |
 
    ```bash title="Example of generated Helm command with user-added parameters"
    helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds --namespace calico-cloud --create-namespace && helm upgrade --install calico-cloud calico-cloud/calico-cloud --namespace calico-cloud --set apiKey=ryl34elz8:9dav6eoag:ifk1uwruwlgp7vzn7ecijt5zjbf5p9p1il1ag8877ylwjo4muu19wzg2g8x5qa7x --set installer.clusterName=my-cluster --set installer.calicoCloudVersion=v19.1.0 \
diff --git a/calico-cloud_versioned_docs/version-21-1/get-started/install-private-registry.mdx b/calico-cloud_versioned_docs/version-21-1/get-started/install-private-registry.mdx
index 0fb15751c1..2da49c9478 100644
--- a/calico-cloud_versioned_docs/version-21-1/get-started/install-private-registry.mdx
+++ b/calico-cloud_versioned_docs/version-21-1/get-started/install-private-registry.mdx
@@ -37,11 +37,11 @@ You can perform a Helm installation from images stored on a private registry.
 
    | Feature | Key | Values |
    |---------|-----|--------|
-   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled`, `Disabled` (default) |
    | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
 
    | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
-   | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
+   | Compliance Reports | `installer.components.compliance.enabled` | `true`, `false` (default) |
 
    ```bash title="Example of generated Helm command with user-added parameters"
    helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds --namespace calico-cloud --create-namespace && helm upgrade --install calico-cloud calico-cloud/calico-cloud --namespace calico-cloud --set apiKey=ryl34elz8:5kdv6siag:ifk1uwruwlgp7vzn7ecijt5zjbf5p9p1il1ag8877ylwjo4muu19wzg2g8x5qa7x --set installer.clusterName=my-cluster --set installer.calicoCloudVersion=v19.1.0 \

From 8d28830e54e2cb939cdf91b15fb7b33f9063d3bc Mon Sep 17 00:00:00 2001
From: William Ong <william@tigera.io>
Date: Mon, 24 Mar 2025 15:17:58 -0700
Subject: [PATCH 2/4] Update install-private-registry.mdx

---
 calico-cloud/get-started/install-private-registry.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/calico-cloud/get-started/install-private-registry.mdx b/calico-cloud/get-started/install-private-registry.mdx
index 0fb15751c1..2da49c9478 100644
--- a/calico-cloud/get-started/install-private-registry.mdx
+++ b/calico-cloud/get-started/install-private-registry.mdx
@@ -37,11 +37,11 @@ You can perform a Helm installation from images stored on a private registry.
 
    | Feature | Key | Values |
    |---------|-----|--------|
-   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled`, `Disabled` (default) |
    | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
 
    | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
-   | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
+   | Compliance Reports | `installer.components.compliance.enabled` | `true`, `false` (default) |
 
    ```bash title="Example of generated Helm command with user-added parameters"
    helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds --namespace calico-cloud --create-namespace && helm upgrade --install calico-cloud calico-cloud/calico-cloud --namespace calico-cloud --set apiKey=ryl34elz8:5kdv6siag:ifk1uwruwlgp7vzn7ecijt5zjbf5p9p1il1ag8877ylwjo4muu19wzg2g8x5qa7x --set installer.clusterName=my-cluster --set installer.calicoCloudVersion=v19.1.0 \

From e0a626a04f534f5a8d3ac5f0d848948ca835c1b4 Mon Sep 17 00:00:00 2001
From: William Ong <william@tigera.io>
Date: Wed, 26 Mar 2025 09:56:03 -0700
Subject: [PATCH 3/4] Update install-cluster.mdx

---
 calico-cloud/get-started/install-cluster.mdx | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/calico-cloud/get-started/install-cluster.mdx b/calico-cloud/get-started/install-cluster.mdx
index c68cc729be..48db1f1642 100644
--- a/calico-cloud/get-started/install-cluster.mdx
+++ b/calico-cloud/get-started/install-cluster.mdx
@@ -27,6 +27,12 @@ You can quickly connect a cluster to Calico Cloud by generating a unique kubectl
    kubectl apply -f https://installer.calicocloud.io/manifests/cc-operator/latest/deploy.yaml && curl -H "Authorization: Bearer mprcnz04t:9dav6eoag:s8w7xjslez1x1xkf6ds0h23miz5b1fw6phh9897d0n76e4pjfdekijowjv5lw9dd" "https://www.calicocloud.io/api/managed-cluster/deploy.yaml?version=v19.1.0" | kubectl apply -f -
    ```
 
+1. For legacy users that want to install container security features, change the `deploy.yaml` in the command above to `deploy-with-container-security.yaml`
+   
+    ```bash title="Example of generated kubectl installation command"
+   kubectl apply -f https://installer.calicocloud.io/manifests/cc-operator/latest/deploy-with-container-security.yaml && curl -H "Authorization: Bearer mprcnz04t:9dav6eoag:s8w7xjslez1x1xkf6ds0h23miz5b1fw6phh9897d0n76e4pjfdekijowjv5lw9dd" "https://www.calicocloud.io/api/managed-cluster/deploy-with-container-security.yaml?version=v19.1.0" | kubectl apply -f -
+   ```
+
 1. From a terminal, paste and run the command.
 1. On the **Managed Clusters** page, you should immediately see your cluster in the list of managed clusters.
    Monitor the status under **Connection Status**.

From abb76f9cb97c35b330bbb783cba84b69d37549f6 Mon Sep 17 00:00:00 2001
From: William Ong <william@tigera.io>
Date: Thu, 27 Mar 2025 08:26:30 -0700
Subject: [PATCH 4/4] Add a note about deprecation

---
 calico-cloud/get-started/install-automated.mdx        | 8 ++++++++
 calico-cloud/get-started/install-cluster.mdx          | 7 +++++++
 calico-cloud/get-started/install-private-registry.mdx | 8 ++++++++
 3 files changed, 23 insertions(+)

diff --git a/calico-cloud/get-started/install-automated.mdx b/calico-cloud/get-started/install-automated.mdx
index 9b8519779e..b24b5f8351 100644
--- a/calico-cloud/get-started/install-automated.mdx
+++ b/calico-cloud/get-started/install-automated.mdx
@@ -10,6 +10,14 @@ import IconUser from '/img/icons/user-icon.svg';
 
 You can connect clusters to Calico Cloud as part of an automated workflow, using persistent client credentials and customized Helm charts.
 
+:::note
+
+Starting from April 2025, container security features will not be enabled by default. 
+Image Assurance, Compliance Reports, and Container Threat Detection will need to be enabled explicitly.
+
+:::
+
+
 ## Prerequisites
 
 * You have an active Calico Cloud account. You can sign up for a 14-day free trial at [calicocloud.io](https://calicocloud.io).
diff --git a/calico-cloud/get-started/install-cluster.mdx b/calico-cloud/get-started/install-cluster.mdx
index 48db1f1642..a0e7e373fd 100644
--- a/calico-cloud/get-started/install-cluster.mdx
+++ b/calico-cloud/get-started/install-cluster.mdx
@@ -7,6 +7,13 @@ title: Install Calico Cloud
 
 You can quickly connect a cluster to Calico Cloud by generating a unique kubectl or Helm command in the web console and running it on your cluster.
 
+:::note
+
+Starting from April 2025, container security features will not be enabled by default. 
+Image Assurance, Compliance Reports, and Container Threat Detection will need to be enabled explicitly.
+
+:::
+
 ## Prerequisites
 
 * You have an active Calico Cloud account. You can sign up for a 14-day free trial at [calicocloud.io](https://calicocloud.io).
diff --git a/calico-cloud/get-started/install-private-registry.mdx b/calico-cloud/get-started/install-private-registry.mdx
index 2da49c9478..235238e0b2 100644
--- a/calico-cloud/get-started/install-private-registry.mdx
+++ b/calico-cloud/get-started/install-private-registry.mdx
@@ -7,6 +7,14 @@ title: Install using a private registry
 
 You can perform a Helm installation from images stored on a private registry.
 
+:::note
+
+Starting from April 2025, container security features will not be enabled by default. 
+Image Assurance, Compliance Reports, and Container Threat Detection will need to be enabled explicitly.
+
+:::
+
+
 ## Prerequisites
 
 * You have an active Calico Cloud account. You can sign up for a 14-day free trial at [calicocloud.io](https://calicocloud.io).