explain discovery group

gravitational · Nov 7, 2024 · 4703c4a · 4703c4a
1 parent 9a7da45
commit 4703c4a
Show file tree

Hide file tree

Showing 11 changed files with 95 additions and 4 deletions.
diff --git a/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx b/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx
@@ -71,6 +71,14 @@ ssh_service:
   enabled: false
 discovery_service:
   enabled: true
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: "<Var name="aws-example"/>"
 ```
 

diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx
@@ -306,6 +306,14 @@ ssh_service:
   enabled: off
 discovery_service:
   enabled: "yes"
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: "aws-prod"
   aws:
    - types: ["eks"]

diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx
@@ -243,6 +243,14 @@ ssh_service:
   enabled: off
 discovery_service:
   enabled: "yes"
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: "aks-prod"
   azure:
   - types: ["aks"]

diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
@@ -338,6 +338,14 @@ ssh_service:
   enabled: off
 discovery_service:
   enabled: "yes"
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: "gke-myproject"
   gcp:
     - types: ["gke"]
@@ -396,6 +404,14 @@ ssh_service:
   enabled: off
 discovery_service:
   enabled: "yes"
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: "gke-myproject"
   gcp:
     - types: ["gke"]
@@ -434,6 +450,14 @@ clusters in project `myproj-prod` running in `us-east2`, but *not* clusters in
 ```yaml
 discovery_service:
   enabled: "yes"
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: "gke-myproject"
   gcp:
     - types: ["gke"]

diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
@@ -63,10 +63,13 @@ and their default values.
 discovery_service:
     enabled: "yes"
     # discovery_group is used to group discovered resources into different
-    # sets. This is useful when you have multiple Teleport Discovery services
-    # running in the same cluster but polling different cloud providers or cloud
-    # accounts. It prevents discovered services from colliding in Teleport when
+    # sets. This is required when you have multiple Teleport Discovery services
+    # running. It prevents discovered services from colliding in Teleport when
     # managing discovered resources.
+    # If two Discovery Services match the same resources, they must be in the
+    # same discovery group.
+    # If two Discovery Services match different resources, they must be in
+    # different discovery groups.
     discovery_group: "prod"
     aws:
        # AWS resource types. Valid options are:

diff --git a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
@@ -250,6 +250,14 @@ ssh_service:
   enabled: off
 discovery_service:
   enabled: "yes"
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: "azure-prod"
   azure:
     - types: ["vm"]

diff --git a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
@@ -133,6 +133,14 @@ ssh_service:
   enabled: off
 discovery_service:
   enabled: "yes"
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: "aws-prod"
   aws:
    - types: ["ec2"]

diff --git a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
@@ -246,6 +246,14 @@ ssh_service:
   enabled: off
 discovery_service:
   enabled: "yes"
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: "gcp-prod"
   gcp:
     - types: ["gce"]

diff --git a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
@@ -25,6 +25,14 @@ You can reduce the policy size by separating them into multiple IAM roles. Use
   configuration:
   ```yaml
   discovery_service:
+    # discovery_group is used to group discovered resources into different
+    # sets. This is required when you have multiple Teleport Discovery services
+    # running. It prevents discovered services from colliding in Teleport when
+    # managing discovered resources.
+    # If two Discovery Services match the same resources, they must be in the
+    # same discovery group.
+    # If two Discovery Services match different resources, they must be in
+    # different discovery groups.
     discovery_group: "prod"
     enabled: "yes"
     aws:

diff --git a/docs/pages/includes/server-access/custom-installer.mdx b/docs/pages/includes/server-access/custom-installer.mdx
@@ -39,7 +39,7 @@ Multiple `installer` resources can exist and be specified in the
 
 ```yaml
 discovery_service:
-  discovery_group: prod
+  # ...
   {{ matcher }}:
     - types: {{ matchTypes }}
       tags:

diff --git a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
@@ -36,6 +36,14 @@ example:
 # This section configures the Discovery Service
 discovery_service:
   enabled: yes
+  # discovery_group is used to group discovered resources into different
+  # sets. This is required when you have multiple Teleport Discovery services
+  # running. It prevents discovered services from colliding in Teleport when
+  # managing discovered resources.
+  # If two Discovery Services match the same resources, they must be in the
+  # same discovery group.
+  # If two Discovery Services match different resources, they must be in
+  # different discovery groups.
   discovery_group: main-cluster
   kubernetes:
   - types: ["app"]