From a337e46e5795b17cb3b12c767b385c13bf32bcf7 Mon Sep 17 00:00:00 2001
From: Marco Dinis
Date: Tue, 12 Nov 2024 16:50:55 +0000
Subject: [PATCH] Docs: add discovery_group to teleport.yaml/discovery_service examples (#48362) * Docs: add discovery_group to teleport.yaml/discovery_service examples When the discovery_group is not configured, teleport will log a warning message saying that it is recommended. Some configuration examples do not include it, so when users use that example to implement their own variation, it will output a warning message. After seeing that warning users might wonder if there's anything wrong with their `teleport.yaml`. Instead, we add a discovery_group to all examples so that users don't get that message. * explain discovery group * use partial instead
---
.../teleport-policy/integrations/aws-sync.mdx | 1 -
.../auto-discovery/databases/databases.mdx | 8 --------
.../auto-discovery/kubernetes/google-cloud.mdx | 2 ++
.../auto-discovery/kubernetes/kubernetes.mdx | 5 -----
.../auto-discovery/servers/azure-discovery.mdx | 3 +++
.../auto-discovery/servers/ec2-discovery.mdx | 3 +++
.../auto-discovery/servers/gcp-discovery.mdx | 3 +++
.../aws-troubleshooting-max-policy-size.mdx | 4 ++++
docs/pages/includes/server-access/custom-installer.mdx | 1 +
.../agent-services/kubernetes-application-discovery.mdx | 2 ++
10 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx
index 2aae7cd963fb5..5341c70af34b3 100644
--- a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx
+++ b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx
@@ -88,7 +88,6 @@ that are set up with the `discovery_group` matching discovery_service: enabled: true discovery_group: - ``` Notice that if you already operate a Discovery Service within your cluster,
diff --git a/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx b/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx
index fe893fa1a9787..2f153b4676086 100644
--- a/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx
@@ -75,14 +75,6 @@ Here's an example database discovery configuration for the Discovery Service: ```yaml discovery_service: enabled: true - # discovery_group is used to group discovered resources into different - # sets. This is required when you have multiple Teleport Discovery services - # running. It prevents discovered services from colliding in Teleport when - # managing discovered resources. - # If two Discovery Services match the same resources, they must be in the - # same discovery group. - # If two Discovery Services match different resources, they must be in - # different discovery groups. discovery_group: "disc-group" # poll_interval is the cadence at which the discovery server will run each of its # discovery cycles. The default is 5m.
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
index b26f94f22566c..43a9eaa3d8161 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
@@ -396,6 +396,7 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + discovery_group: "gke-myproject" gcp: - types: ["gke"] locations: ["*"]
@@ -433,6 +434,7 @@ clusters in project `myproj-prod` running in `us-east2`, but *not* clusters in ```yaml discovery_service: enabled: "yes" + discovery_group: "gke-myproject" gcp: - types: ["gke"] locations: ["us-east1"]
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
index 2f24fa39bd08b..f1d43d48870c2 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
@@ -62,11 +62,6 @@ and their default values. # This section configures the Discovery Service discovery_service: enabled: "yes" - # discovery_group is used to group discovered resources into different - # sets. This is useful when you have multiple Teleport Discovery services - # running in the same cluster but polling different cloud providers or cloud - # accounts. It prevents discovered services from colliding in Teleport when - # managing discovered resources. discovery_group: "prod" aws: # AWS resource types. Valid options are:
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
index e9fcc2fef6a7d..e87d3ecc104a5 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
@@ -235,6 +235,8 @@ the Discovery Service. In order to enable Azure instance discovery the `discovery_service.azure` section of `teleport.yaml` must include at least one entry: +(!docs/pages/includes/discovery/discovery-group.mdx!) + ```yaml version: v3 teleport:
@@ -250,6 +252,7 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + discovery_group: "azure-prod" azure: - types: ["vm"] subscriptions: [""]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
index c85ed32e1e98f..e3fa7e2f86d3c 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
@@ -118,6 +118,8 @@ run the Discovery Service. In order to enable EC2 instance discovery the `discovery_service.aws` section of `teleport.yaml` must include at least one entry: +(!docs/pages/includes/discovery/discovery-group.mdx!) + ```yaml version: v3 teleport:
@@ -133,6 +135,7 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + discovery_group: "aws-prod" aws: - types: ["ec2"] regions: ["us-east-1","us-west-1"]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
index 3b050c5d9de26..bdd8d639c0ac7 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
@@ -231,6 +231,8 @@ the Discovery Service. In order to enable GCP instance discovery the `discovery_service.gcp` section of `teleport.yaml` must include at least one entry: +(!docs/pages/includes/discovery/discovery-group.mdx!) + ```yaml version: v3 teleport:
@@ -246,6 +248,7 @@ ssh_service: enabled: off discovery_service: enabled: "yes" + discovery_group: "gcp-prod" gcp: - types: ["gce"] # The IDs of GCP projects that VMs can join from.
diff --git a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
index 55d0e8bad6a54..89b650b1a2bf2 100644
--- a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
+++ b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
@@ -23,8 +23,12 @@ You can reduce the policy size by separating them into multiple IAM roles. Use You can specify `assume_role_arn` in the AWS matchers of Discovery Service's configuration: + + (!docs/pages/includes/discovery/discovery-group.mdx!) + ```yaml discovery_service: + discovery_group: "prod" enabled: "yes" aws: - types: ["rds"]
diff --git a/docs/pages/includes/server-access/custom-installer.mdx b/docs/pages/includes/server-access/custom-installer.mdx
index c3f1bdc309133..4d046e5c5bc12 100644
--- a/docs/pages/includes/server-access/custom-installer.mdx
+++ b/docs/pages/includes/server-access/custom-installer.mdx
@@ -39,6 +39,7 @@ Multiple `installer` resources can exist and be specified in the ```yaml discovery_service: + # ... {{ matcher }}: - types: {{ matchTypes }} tags:
diff --git a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
index 723a005739aaf..4e5c673c26043 100644
--- a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
+++ b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
@@ -37,6 +37,8 @@ Discovery Service, then restart the agents running these services. Configuration for the Discovery Service is controlled by the `kubernetes` field, example: +(!docs/pages/includes/discovery/discovery-group.mdx!) + ```yaml # This section configures the Discovery Service discovery_service: