From 4703c4a093f7585601ccf66a4c6eaa3683868792 Mon Sep 17 00:00:00 2001 From: Marco Dinis Date: Thu, 7 Nov 2024 16:57:33 +0000 Subject: [PATCH] explain discovery group --- .../auto-discovery/databases/aws.mdx | 8 +++++++ .../auto-discovery/kubernetes/aws.mdx | 8 +++++++ .../auto-discovery/kubernetes/azure.mdx | 8 +++++++ .../kubernetes/google-cloud.mdx | 24 +++++++++++++++++++ .../auto-discovery/kubernetes/kubernetes.mdx | 9 ++++--- .../servers/azure-discovery.mdx | 8 +++++++ .../auto-discovery/servers/ec2-discovery.mdx | 8 +++++++ .../auto-discovery/servers/gcp-discovery.mdx | 8 +++++++ .../aws-troubleshooting-max-policy-size.mdx | 8 +++++++ .../server-access/custom-installer.mdx | 2 +- .../kubernetes-application-discovery.mdx | 8 +++++++ 11 files changed, 95 insertions(+), 4 deletions(-) diff --git a/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx b/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx index 0d1c98a6973c6..6f90598a48838 100644 --- a/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx +++ b/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx @@ -71,6 +71,14 @@ ssh_service: enabled: false discovery_service: enabled: true + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "" ``` diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx index 1d16e399667ee..8641fe2124a8c 100644 --- a/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx +++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx @@ -306,6 +306,14 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "aws-prod" aws: - types: ["eks"] diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx index 97028738259c0..806aabfcc52ed 100644 --- a/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx +++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx @@ -243,6 +243,14 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "aks-prod" azure: - types: ["aks"] diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx index 43a9eaa3d8161..a7fc0bf478c23 100644 --- a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx +++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx @@ -338,6 +338,14 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "gke-myproject" gcp: - types: ["gke"] @@ -396,6 +404,14 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "gke-myproject" gcp: - types: ["gke"] @@ -434,6 +450,14 @@ clusters in project `myproj-prod` running in `us-east2`, but *not* clusters in ```yaml discovery_service: enabled: "yes" + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "gke-myproject" gcp: - types: ["gke"] diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx index 2f24fa39bd08b..8c5d0b26c8f76 100644 --- a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx +++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx @@ -63,10 +63,13 @@ and their default values. discovery_service: enabled: "yes" # discovery_group is used to group discovered resources into different - # sets. This is useful when you have multiple Teleport Discovery services - # running in the same cluster but polling different cloud providers or cloud - # accounts. It prevents discovered services from colliding in Teleport when + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "prod" aws: # AWS resource types. Valid options are: diff --git a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx index 4196cfc159862..e54c65c5e9810 100644 --- a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx +++ b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx @@ -250,6 +250,14 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "azure-prod" azure: - types: ["vm"] diff --git a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx index c6b25da60f1aa..30600111d197c 100644 --- a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx +++ b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx @@ -133,6 +133,14 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "aws-prod" aws: - types: ["ec2"] diff --git a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx index 6a351f169e2ff..73004a9f18881 100644 --- a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx +++ b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx @@ -246,6 +246,14 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "gcp-prod" gcp: - types: ["gce"] diff --git a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx index dd4017786888a..11b3f1e7f005c 100644 --- a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx +++ b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx @@ -25,6 +25,14 @@ You can reduce the policy size by separating them into multiple IAM roles. Use configuration: ```yaml discovery_service: + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: "prod" enabled: "yes" aws: diff --git a/docs/pages/includes/server-access/custom-installer.mdx b/docs/pages/includes/server-access/custom-installer.mdx index f3d5f3e987993..4d046e5c5bc12 100644 --- a/docs/pages/includes/server-access/custom-installer.mdx +++ b/docs/pages/includes/server-access/custom-installer.mdx @@ -39,7 +39,7 @@ Multiple `installer` resources can exist and be specified in the ```yaml discovery_service: - discovery_group: prod + # ... {{ matcher }}: - types: {{ matchTypes }} tags: diff --git a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx index 1aeaa726d9628..63fbb8efdc439 100644 --- a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx +++ b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx @@ -36,6 +36,14 @@ example: # This section configures the Discovery Service discovery_service: enabled: yes + # discovery_group is used to group discovered resources into different + # sets. This is required when you have multiple Teleport Discovery services + # running. It prevents discovered services from colliding in Teleport when + # managing discovered resources. + # If two Discovery Services match the same resources, they must be in the + # same discovery group. + # If two Discovery Services match different resources, they must be in + # different discovery groups. discovery_group: main-cluster kubernetes: - types: ["app"]