{{- if .Values.highAvailability.certManager.enabled }}
You have enabled cert-manager support in high availability mode.

There may be a short delay before Teleport pods start while an ACME certificate is issued.
You can check the status of the certificate with `kubectl -n {{ .Release.Namespace }} describe certificate/{{ .Release.Name }}`

NOTE: For certificates to be provisioned, you must also install cert-manager (https://cert-manager.io/docs/) and configure an appropriate
      Issuer with access to your DNS provider to handle DNS01 challenges (https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers)

For more information, please see the Helm guides in the Teleport docs (https://goteleport.com/docs/kubernetes-access/helm/guides/)
{{- end }}

{{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.23.0-0" .Capabilities.KubeVersion.Version) }}

SECURITY WARNING: Kubernetes 1.25 removes PodSecurityPolicy support and Helm
doesn't support upgrading from 1.24 to 1.25 with PSPs enabled. Since version 12
the `teleport-cluster` chart doesn't deploy PSPs on Kubernetes 1.23 or older.
Instead, we recommend you to configure Pod Security AdmissionControllers for
the namespace "{{.Release.Namespace}}" by adding the label
`pod-security.kubernetes.io/enforce: baseline` on the namespace resource.

See https://goteleport.com/docs/deploy-a-cluster/helm-deployments/migration-kubernetes-1-25-psp/

To remove this warning, explicitly set "podSecurityPolicy.enabled=false".
{{- end }}

{{- if .Values.teleportVersionOverride }}

DANGER: `teleportVersionOverride` MUST NOT be used to control the Teleport version.
This chart is designed to run Teleport version {{ .Chart.AppVersion }}.
You will face compatibility issues trying to run a different Teleport version with it.

If you want to run Teleport version {{.Values.teleportVersionOverride}},
you should use `helm --version {{.Values.teleportVersionOverride}}` instead.
{{- end }}