[v16] Docs: add discovery_group to teleport.yaml/discovery_service examples (#48826)

* Docs: add discovery_group to teleport.yaml/discovery_service examples

When the discovery_group is not configured, teleport will log a warning
message saying that it is recommended.
Some configuration examples do not include it, so when users use that
example to implement their own variation, it will output a warning
message.
After seeing that warning users might wonder if there's anything wrong
with their `teleport.yaml`.
Instead, we add a discovery_group to all examples so that users don't
get that message.

* explain discovery group

* use partial instead
marcoandredinis authored Nov 14, 2024

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 6ee1422 commit 8913bdd
Showing 10 changed files with 18 additions and 14 deletions.
Original file line number Diff line number Diff line change
@@ -88,7 +88,6 @@ that are set up with the `discovery_group` matching
discovery_service:
enabled: true
discovery_group: <Var name="access-graph-disc" />

```
Notice that if you already operate a Discovery Service within your cluster,
Original file line number Diff line number Diff line change
@@ -73,14 +73,6 @@ Here's an example database discovery configuration for the Discovery Service:
```yaml
discovery_service:
enabled: true
# discovery_group is used to group discovered resources into different
# sets. This is required when you have multiple Teleport Discovery services
# running. It prevents discovered services from colliding in Teleport when
# managing discovered resources.
# If two Discovery Services match the same resources, they must be in the
# same discovery group.
# If two Discovery Services match different resources, they must be in
# different discovery groups.
discovery_group: "disc-group"
# poll_interval is the cadence at which the discovery server will run each of its
# discovery cycles. The default is 5m.
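Review bot: Removing the comment block above `discovery_group: "disc-group"` (hunk header: 14 lines down to 6) leaves this example without the rule it stated, namely that Discovery Services matching the same resources must share a group and those matching different resources must not, and nothing is added in its place. Add the `(!docs/pages/includes/discovery/discovery-group.mdx!)` include ahead of the yaml fence, as the instance discovery guides in this commit do, or keep a one-line comment on the field.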
Original file line number Diff line number Diff line change
@@ -396,6 +396,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
discovery_group: "gke-myproject"
gcp:
- types: ["gke"]
locations: ["*"]
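Review bot: `discovery_group: "gke-myproject"` appears under `discovery_service:` with no explanation nearby, and neither hunk in this file adds the `(!docs/pages/includes/discovery/discovery-group.mdx!)` include that the Azure, EC2 and GCP instance discovery hunks receive. Include the partial ahead of this first example so readers know why the field is there and how to choose its value.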
@@ -433,6 +434,7 @@ clusters in project `myproj-prod` running in `us-east2`, but *not* clusters in
```yaml
discovery_service:
enabled: "yes"
discovery_group: "gke-myproject"
gcp:
- types: ["gke"]
locations: ["us-east1"]
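Review bot: The second example reuses `discovery_group: "gke-myproject"` even though its matcher differs from the previous hunk (`locations: ["us-east1"]` here, `["*"]` there) and the hunk header context refers to project `myproj-prod`. The comment removed from the database discovery example says services matching different resources must be in different groups, so a reader who deploys both examples as separate services would copy a shared name for non-identical matchers. Use a distinct group name here, ideally one that reflects `myproj-prod`.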
Original file line number Diff line number Diff line change
@@ -62,11 +62,6 @@ and their default values.
# This section configures the Discovery Service
discovery_service:
enabled: "yes"
# discovery_group is used to group discovered resources into different
# sets. This is useful when you have multiple Teleport Discovery services
# running in the same cluster but polling different cloud providers or cloud
# accounts. It prevents discovered services from colliding in Teleport when
# managing discovered resources.
discovery_group: "prod"
aws:
# AWS resource types. Valid options are:
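Review bot: `discovery_group: "prod"` loses its inline comment (hunk header: 11 lines down to 6), which leaves it as a bare key in a reference whose neighbouring fields, such as `aws:` with its "AWS resource types" comment, are documented in place. Keep a short comment on the field that states the same-resources, same-group rule, or point to where the explanation now lives.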
Original file line number Diff line number Diff line change
@@ -235,6 +235,8 @@ the Discovery Service.
In order to enable Azure instance discovery the `discovery_service.azure` section
of `teleport.yaml` must include at least one entry:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
version: v3
teleport:
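Review bot: The `(!docs/pages/includes/discovery/discovery-group.mdx!)` include sits between the sentence ending "must include at least one entry:" and the yaml example that the colon introduces, so the rendered partial will separate the lead-in from its example. Move the include above "In order to enable Azure instance discovery" or below the code block. The same placement recurs in the EC2, GCP, `assume_role_arn` and Kubernetes hunks.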
@@ -250,6 +252,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
discovery_group: "azure-prod"
azure:
- types: ["vm"]
subscriptions: ["<subscription>"]
Original file line number Diff line number Diff line change
@@ -118,6 +118,8 @@ run the Discovery Service.
In order to enable EC2 instance discovery the `discovery_service.aws` section
of `teleport.yaml` must include at least one entry:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
version: v3
teleport:
@@ -133,6 +135,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
discovery_group: "aws-prod"
aws:
- types: ["ec2"]
regions: ["us-east-1","us-west-1"]
Original file line number Diff line number Diff line change
@@ -231,6 +231,8 @@ the Discovery Service.
In order to enable GCP instance discovery the `discovery_service.gcp` section
of `teleport.yaml` must include at least one entry:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
version: v3
teleport:
@@ -246,6 +248,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
discovery_group: "gcp-prod"
gcp:
- types: ["gce"]
# The IDs of GCP projects that VMs can join from.
Original file line number Diff line number Diff line change
@@ -23,8 +23,12 @@ You can reduce the policy size by separating them into multiple IAM roles. Use
<TabItem label="Auto-Discovery by Discovery Service">
You can specify `assume_role_arn` in the AWS matchers of Discovery Service's
configuration:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
discovery_service:
discovery_group: "prod"
enabled: "yes"
aws:
- types: ["rds"]
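Review bot: `discovery_group: "prod"` is placed above `enabled: "yes"` in this example, while every other example touched by this commit lists `enabled` first and `discovery_group` second. Swap the two lines so the examples stay consistent and easy to compare.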
1 change: 1 addition & 0 deletions docs/pages/includes/server-access/custom-installer.mdx
Original file line number Diff line number Diff line change
@@ -39,6 +39,7 @@ Multiple `installer` resources can exist and be specified in the

```yaml
discovery_service:
# ...
{{ matcher }}:
- types: {{ matchTypes }}
tags:
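Review bot: The `# ...` placeholder under `discovery_service:` does not say what is elided, while the commit message's stated goal is that configurations built from these examples set `discovery_group`. Name the omitted keys in the comment (for instance `enabled` and `discovery_group`) so a reader who assembles a config from this template knows to supply them.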
Original file line number Diff line number Diff line change
@@ -37,6 +37,8 @@ Discovery Service, then restart the agents running these services.
Configuration for the Discovery Service is controlled by the `kubernetes` field,
example:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
# This section configures the Discovery Service
discovery_service:
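Review bot: No `discovery_group:` line is added under `discovery_service:` anywhere in this file; the only addition is the partial include ahead of the example. Confirm that the example already sets the field further down. If it does not, add it, otherwise the included explanation describes a key the example never shows and the warning mentioned in the commit message still applies to anyone copying it.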
