diff --git a/docs/pages/includes/application-access/aws-database-prerequisites.mdx b/docs/pages/includes/application-access/aws-database-prerequisites.mdx index 3555e61d05e4e..6b0b3ec12a44c 100644 --- a/docs/pages/includes/application-access/aws-database-prerequisites.mdx +++ b/docs/pages/includes/application-access/aws-database-prerequisites.mdx @@ -14,6 +14,6 @@ If you have not yet deployed the Auth Service and Proxy Service, you should foll We will assume your Teleport cluster is accessible at `teleport.example.com` and `*.teleport.example.com`. You can substitute the address of your Teleport Proxy Service. (For Teleport Cloud customers, this will be similar to `mytenant.teleport.sh`.) - + (!docs/pages/includes/dns-app-access.mdx!) diff --git a/docs/pages/includes/database-access/azure-configure-service-principal.mdx b/docs/pages/includes/database-access/azure-configure-service-principal.mdx index fbebd9faa2957..1f6d8a809ef12 100644 --- a/docs/pages/includes/database-access/azure-configure-service-principal.mdx +++ b/docs/pages/includes/database-access/azure-configure-service-principal.mdx @@ -4,10 +4,10 @@ resources: - The Database Service can run on an Azure VM with attached managed identity. This is the recommended way of deploying the Database Service in production since it eliminates the need to manage Azure credentials. -- The Database Service can be registered as an Azure AD application (via AD's "App - registrations") and configured with its credentials. This is only recommended - for development and testing purposes since it requires Azure credentials to - be present in the Database Service's environment. +- The Database Service can be registered as a Microsoft Entra ID application + (via "App registrations") and configured with its credentials. This is only + recommended for development and testing purposes since it requires Azure + credentials to be present in the Database Service's environment. 
@@ -35,14 +35,15 @@ resources: - Registering the Database Service as Azure AD application is suitable for - test and development scenarios, or if your Database Service does not run on - an Azure VM. For production scenarios prefer to use the managed identity + Registering the Database Service as a Microsoft Entra ID application is + suitable for test and development scenarios, or if your Database Service + does not run on an Azure VM. For production scenarios prefer to use the + managed identity approach. Go to the [App registrations](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps) - page of your Azure Active Directory and click on *New registration*: + page of Microsoft Entra ID and click on *New registration*: ![App registrations](../../../img/azure/app-registrations@2x.png) diff --git a/docs/pages/includes/database-access/db-helm-install.mdx b/docs/pages/includes/database-access/db-helm-install.mdx index 224d5ea9ea21b..ee7ad5b7fd97a 100644 --- a/docs/pages/includes/database-access/db-helm-install.mdx +++ b/docs/pages/includes/database-access/db-helm-install.mdx @@ -42,7 +42,7 @@ $ helm install teleport-kube-agent teleport/teleport-kube-agent \ -Make sure that the Teleport agent pod is running. You should see one +Make sure that the Teleport Agent pod is running. You should see one `teleport-kube-agent` pod with a single ready container: ```code diff --git a/docs/pages/includes/database-access/self-hosted-db-helm-install.mdx b/docs/pages/includes/database-access/self-hosted-db-helm-install.mdx index 3f6a1cf24efb7..e670586de3ca0 100644 --- a/docs/pages/includes/database-access/self-hosted-db-helm-install.mdx +++ b/docs/pages/includes/database-access/self-hosted-db-helm-install.mdx 
@@ -1,5 +1,5 @@ {{ dbName="test" }} -Install a Teleport agent into your Kubernetes Cluster with the Teleport Database +Install a Teleport Agent into your Kubernetes Cluster with the Teleport Database Service configuration. Create a file called `values.yaml` with the following content. Update diff --git a/docs/pages/includes/device-trust/support-notice.mdx b/docs/pages/includes/device-trust/support-notice.mdx index ee55c48303130..182a081877c87 100644 --- a/docs/pages/includes/device-trust/support-notice.mdx +++ b/docs/pages/includes/device-trust/support-notice.mdx @@ -2,7 +2,7 @@ Device Trust supports all platforms and clients, including `tsh`, Teleport Connect and the Web UI (requires Teleport Connect to be installed). - The following resources are protected by device trust: + The following resources are protected by Device Trust: - Role-based enforcement only: Apps and Desktops - Cluster and role-based enforcement: SSH nodes, databases, and Kubernetes diff --git a/docs/pages/includes/device-trust/troubleshooting.mdx b/docs/pages/includes/device-trust/troubleshooting.mdx index 3e18fb6d56d67..d9879ca1ff227 100644 --- a/docs/pages/includes/device-trust/troubleshooting.mdx +++ b/docs/pages/includes/device-trust/troubleshooting.mdx @@ -77,7 +77,7 @@ follow the steps below: URL handler). 3. Make sure Teleport Connect can access the same resource you are trying to access on the Web -4. Ask your cluster administrator if device trust is enabled (cluster mode +4. Ask your cluster administrator if Device Trust is enabled (cluster mode "optional" or higher) If all of the above steps are done, try logging out from the Web UI and logging diff --git a/docs/pages/includes/discovery/database-service-troubleshooting.mdx b/docs/pages/includes/discovery/database-service-troubleshooting.mdx index 96f07241b8663..31ed6a52a5663 100644 --- a/docs/pages/includes/discovery/database-service-troubleshooting.mdx +++ b/docs/pages/includes/discovery/database-service-troubleshooting.mdx 
@@ -63,9 +63,9 @@ and then try the connection again. Check the Teleport Database Service logs with DEBUG level logging enabled and look for network or permissions errors. -Refer to -[Troubleshooting Database Access](../../enroll-resources/database-access/troubleshooting.mdx) -for more general troubleshooting steps. +Refer to the [Database Service troubleshooting +guide](../../enroll-resources/database-access/troubleshooting.mdx) for more +general troubleshooting steps. Additionally, a guide specific to the type of database in [Enroll AWS Databases](../../enroll-resources/database-access/enroll-aws-databases/enroll-aws-databases.mdx). diff --git a/docs/pages/includes/edition-comparison.mdx b/docs/pages/includes/edition-comparison.mdx index f9d91d92eaf65..d9ff6ec133199 100644 --- a/docs/pages/includes/edition-comparison.mdx +++ b/docs/pages/includes/edition-comparison.mdx 
@@ -45,12 +45,12 @@ _Available as an add-on to Teleport Enterprise_ ||Community Edition|Enterprise|Cloud| |---|---|---|---| |Agentless Integration with [OpenSSH Servers](../enroll-resources/server-access/openssh/openssh-agentless.mdx)|✔|✔|✔| -|[Application Access](../enroll-resources/application-access/getting-started.mdx)|✔|✔|✔| -|[Database Access](../enroll-resources/database-access/getting-started.mdx)|✔|✔|✔| -|[Desktop Access](../enroll-resources/desktop-access/introduction.mdx)|✔|✔|✔| -|[Kubernetes Access](../enroll-resources/kubernetes-access/getting-started.mdx)|✔|✔|✔| +|[Protecting Applications](../enroll-resources/application-access/getting-started.mdx)|✔|✔|✔| +|[Protecting Databases](../enroll-resources/database-access/getting-started.mdx)|✔|✔|✔| +|[Protecting Windows Desktops](../enroll-resources/desktop-access/introduction.mdx)|✔|✔|✔| +|[Protecting Kubernetes Clusters](../enroll-resources/kubernetes-access/getting-started.mdx)|✔|✔|✔| |[Machine ID](../enroll-resources/machine-id/getting-started.mdx)|✔|✔|✔| -|[Server Access](../enroll-resources/server-access/getting-started.mdx)|✔|✔|✔| +|[Protecting Linux Servers](../enroll-resources/server-access/getting-started.mdx)|✔|✔|✔| ### Licensing and usage management diff --git a/docs/pages/includes/enterprise/hsm-warning.mdx b/docs/pages/includes/enterprise/hsm-warning.mdx index b67021b3490ad..22ead5d767c75 100644 --- a/docs/pages/includes/enterprise/hsm-warning.mdx +++ b/docs/pages/includes/enterprise/hsm-warning.mdx @@ -1,5 +1,5 @@ -Teleport Cloud and Teleport Open Source do not currently support HSMs or +Teleport Cloud and Teleport Community Edition do not currently support HSMs or Key Management Services. diff --git a/docs/pages/includes/helm-reference/zz_generated.teleport-kube-agent.mdx b/docs/pages/includes/helm-reference/zz_generated.teleport-kube-agent.mdx index c7fb92710685e..f7b7542c5311f 100644 --- a/docs/pages/includes/helm-reference/zz_generated.teleport-kube-agent.mdx 
+++ b/docs/pages/includes/helm-reference/zz_generated.teleport-kube-agent.mdx @@ -77,7 +77,7 @@ roles `App` and `Kube`. ## `joinParams` -`joinParams` controls how the Teleport agent joins the Teleport cluster. +`joinParams` controls how the Teleport Agent joins the Teleport cluster. These sub-values must be configured for the agent to connect to a cluster. This value serves the same purpose as [`authToken`](#authToken) but supports @@ -131,7 +131,7 @@ is provided through an existing Kubernetes Secret, see | `string` | `""` | `kubeClusterName` sets the name used for the Kubernetes cluster proxied by -the Teleport agent. This name will be shown to Teleport users connecting to +the Teleport Agent. This name will be shown to Teleport users connecting to the cluster. This setting is required if the chart `roles` contains `kube`. @@ -372,7 +372,7 @@ databases: ``` - You can see a list of all the supported [values which can be used in a Teleport database service configuration here](../../reference/agent-services/database-access-reference/configuration.mdx). + You can see a list of all the supported [values which can be used in a Teleport Database Service configuration here](../../reference/agent-services/database-access-reference/configuration.mdx). @@ -917,7 +917,7 @@ labels: ## `highAvailability` `highAvailability` contains settings controlling the availability of the -Teleport agent deployed by the chart. +Teleport Agent deployed by the chart. The availability can be increased by: - running more replicas with `replicaCount` 
@@ -1112,24 +1112,25 @@ cluster role binding. |------|---------| | `string` | `"public.ecr.aws/gravitational/teleport-distroless"` | -`image` sets the container image used for Teleport OSS agent pods -created by the chart. +`image` sets the container image used for Teleport Community Edition +Agent pods created by the chart. -You can override this to use your own Teleport image rather than a Teleport-published image. +You can override this to use your own Teleport image rather than a +Teleport-published image. - When using the Teleport Kube Agent Updater, you must ensure the image is - available before the updater version target gets updated and Kubernetes tries - to pull the image. +When using the Teleport Kube Agent Updater, you must ensure the +image is available before the updater version target gets updated and +Kubernetes tries to pull the image. - For this reason, it is strongly discouraged to set a custom image when - using automatic updates. Teleport Cloud uses automatic updates by default. +For this reason, it is strongly discouraged to set a custom image when using +automatic updates. Teleport Cloud uses automatic updates by default. -Since version 13, hardened distroless images are used by default. -You can use the deprecated debian-based images by setting the value to -`public.ecr.aws/gravitational/teleport`. Those images will be -removed with teleport 15. +Since version 13, hardened distroless images are used by default. You can use +the deprecated debian-based images by setting the value to +`public.ecr.aws/gravitational/teleport`. Those images will be removed with +teleport 15. This setting only takes effect when [`enterprise`](#enterprise) is `false`. When running an enterprise version, you must use diff --git a/docs/pages/includes/helm-reference/zz_generated.teleport-operator.mdx b/docs/pages/includes/helm-reference/zz_generated.teleport-operator.mdx index a1cda3b612cda..09fd0fb3a48c6 100644 
--- a/docs/pages/includes/helm-reference/zz_generated.teleport-operator.mdx +++ b/docs/pages/includes/helm-reference/zz_generated.teleport-operator.mdx @@ -52,8 +52,8 @@ For example: | `list[string]` | `[]` | `caPins` is a list of Teleport CA fingerprints that is used by the operator to -validate the identity of the Teleport Auth server. This is only used when joining -an Auth server directly (on port `3025`) and is ignored when joining through a Proxy +validate the identity of the Teleport Auth Service. This is only used when joining +an Auth Service directly (on port `3025`) and is ignored when joining through a Proxy (port `443` or `3080`). ## `joinMethod` diff --git a/docs/pages/includes/kubernetes-access/helm/teleport-cluster-cloud-warning.mdx b/docs/pages/includes/kubernetes-access/helm/teleport-cluster-cloud-warning.mdx index f73a7d4435a6b..ff5b0229c4b21 100644 --- a/docs/pages/includes/kubernetes-access/helm/teleport-cluster-cloud-warning.mdx +++ b/docs/pages/includes/kubernetes-access/helm/teleport-cluster-cloud-warning.mdx @@ -3,9 +3,10 @@ intended to help you get started with Teleport by deploying the Auth Service and Proxy Service in a Kubernetes cluster so you can access that cluster via the Kubernetes Service. -Since the Auth and Proxy Services are fully managed in Teleport Cloud, you should -install our `teleport-kube-agent` chart, which is intended for deployments where -the Auth Service and Proxy Service run outside your Kubernetes cluster. +Since the Auth Service and Proxy Service are fully managed in Teleport Cloud, +you should install our `teleport-kube-agent` chart, which is intended for +deployments where the Auth Service and Proxy Service run outside your Kubernetes +cluster. You can use the `teleport-kube-agent` chart to enable the Application Service and Database Service in addition to the Kubernetes Service. diff --git a/docs/pages/includes/metrics.mdx b/docs/pages/includes/metrics.mdx index e875f84e75968..d3ff005ac946b 100644 
--- a/docs/pages/includes/metrics.mdx +++ b/docs/pages/includes/metrics.mdx @@ -133,10 +133,10 @@ | `teleport_db_connection_setup_time_seconds` | histogram | Teleport Database Service | Initial time to setup DB connection, before any requests are handled. | | `teleport_db_errors_total` | counter | Teleport Database Service | Number of synthetic DB errors sent to the client. | -### Kubernetes Access +### Kubernetes access -The following tables identify all metrics available in the proxy service if -Kubernetes access is enabled. +The following tables identify all metrics available in the Teleport Proxy +Service if at least one Kubernetes cluster is enrolled in your Teleport cluster. #### Client diff --git a/docs/pages/includes/permission-warning.mdx b/docs/pages/includes/permission-warning.mdx index f5a1e09797ea5..ab9cbc629560f 100644 --- a/docs/pages/includes/permission-warning.mdx +++ b/docs/pages/includes/permission-warning.mdx @@ -14,7 +14,7 @@ For example, don't assign users the built-in `access,editor` roles, which give them permissions to access and edit all cluster resources. Instead, define roles with the minimum required permissions for each user and configure - **access requests** to provide temporary elevated permissions. + **Access Requests** to provide temporary elevated permissions. - When you enroll Teleport resources—for example, new databases or applications—you should save the invitation token to a file. If you enter the token directly on the command line, a malicious user could view diff --git a/docs/pages/includes/soc2.mdx b/docs/pages/includes/soc2.mdx index 69172e4dc153f..e89794a225495 100644 --- a/docs/pages/includes/soc2.mdx +++ b/docs/pages/includes/soc2.mdx @@ -2,7 +2,7 @@ We undergo an annual SOC 2 Type II audit of the Teleport Access Platform. The audit report covers: -- Teleport Open Source +- Teleport Community Edition - Teleport Enterprise, self-hosted - Teleport Enterprise, cloud-hosted (SaaS) 
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/values.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/values.yaml index e79f4bb4b5222..f96b8ec1ab483 100644 --- a/examples/chart/teleport-cluster/charts/teleport-operator/values.yaml +++ b/examples/chart/teleport-cluster/charts/teleport-operator/values.yaml @@ -28,8 +28,8 @@ installCRDs: "dynamic" teleportAddress: "" # caPins(list[string]) -- is a list of Teleport CA fingerprints that is used by the operator to -# validate the identity of the Teleport Auth server. This is only used when joining -# an Auth server directly (on port `3025`) and is ignored when joining through a Proxy +# validate the identity of the Teleport Auth Service. This is only used when joining +# an Auth Service directly (on port `3025`) and is ignored when joining through a Proxy # (port `443` or `3080`). caPins: [] diff --git a/examples/chart/teleport-kube-agent/values.yaml b/examples/chart/teleport-kube-agent/values.yaml index 66f7e6c33db3f..c51491783e11c 100644 --- a/examples/chart/teleport-kube-agent/values.yaml +++ b/examples/chart/teleport-kube-agent/values.yaml @@ -56,7 +56,7 @@ enterprise: false # roles `App` and `Kube`. authToken: "" -# joinParams -- controls how the Teleport agent joins the Teleport cluster. +# joinParams -- controls how the Teleport Agent joins the Teleport cluster. # These sub-values must be configured for the agent to connect to a cluster. # # This value serves the same purpose as [`authToken`](#authToken) but supports @@ -98,7 +98,7 @@ joinParams: ################################################################ # kubeClusterName(string) -- sets the name used for the Kubernetes cluster proxied by -# the Teleport agent. This name will be shown to Teleport users connecting to +# the Teleport Agent. This name will be shown to Teleport users connecting to # the cluster. # # This setting is required if the chart `roles` contains `kube`. 
@@ -320,7 +320,7 @@ azureDatabases: [] # ``` # # -# You can see a list of all the supported [values which can be used in a Teleport database service configuration here](../../reference/agent-services/database-access-reference/configuration.mdx). +# You can see a list of all the supported [values which can be used in a Teleport Database Service configuration here](../../reference/agent-services/database-access-reference/configuration.mdx). # # # @@ -748,7 +748,7 @@ podSecurityPolicy: labels: {} # highAvailability -- contains settings controlling the availability of the -# Teleport agent deployed by the chart. +# Teleport Agent deployed by the chart. # # The availability can be increased by: # - running more replicas with `replicaCount` 
@@ -876,24 +876,25 @@ adminClusterRoleBinding: # Values that you shouldn't need to change. ################################################################ -# image(string) -- sets the container image used for Teleport OSS agent pods -# created by the chart. +# image(string) -- sets the container image used for Teleport Community Edition +# Agent pods created by the chart. # -# You can override this to use your own Teleport image rather than a Teleport-published image. +# You can override this to use your own Teleport image rather than a +# Teleport-published image. # -# -# When using the Teleport Kube Agent Updater, you must ensure the image is -# available before the updater version target gets updated and Kubernetes tries -# to pull the image. +# +# When using the Teleport Kube Agent Updater, you must ensure the +# image is available before the updater version target gets updated and +# Kubernetes tries to pull the image. # -# For this reason, it is strongly discouraged to set a custom image when -# using automatic updates. Teleport Cloud uses automatic updates by default. +# For this reason, it is strongly discouraged to set a custom image when using +# automatic updates. Teleport Cloud uses automatic updates by default. # # -# Since version 13, hardened distroless images are used by default. -# You can use the deprecated debian-based images by setting the value to -# `public.ecr.aws/gravitational/teleport`. Those images will be -# removed with teleport 15. +# Since version 13, hardened distroless images are used by default. You can use +# the deprecated debian-based images by setting the value to +# `public.ecr.aws/gravitational/teleport`. Those images will be removed with +# teleport 15. # # This setting only takes effect when [`enterprise`](#enterprise) is `false`. # When running an enterprise version, you must use
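Review bot: In docs/pages/includes/database-access/azure-configure-service-principal.mdx, hunk @@ -35,14 +35,15 @@, the rewritten paragraph still says app registration is suitable "if your Database Service does not run on an Azure VM", while the bullet rewritten in the first hunk of the same file says it is "only recommended for development and testing purposes". Both sentences are touched by this change, so align them: either drop the non-Azure-VM case here or say in the bullet that it is the fallback when a managed identity is not available, and repeat that it leaves Azure credentials in the Database Service's environment. The re-wrap also strands "approach." on a line of its own; fold it into the preceding line.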
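Review bot: In docs/pages/includes/database-access/self-hosted-db-helm-install.mdx, hunk @@ -1,5 +1,5 @@, the added line capitalizes "Teleport Agent" but keeps "Kubernetes Cluster" with a capital C, while the other hunks in this patch write "Kubernetes cluster". Suggest "Install a Teleport Agent into your Kubernetes cluster with the Teleport Database Service configuration."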
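Review bot: In docs/pages/includes/discovery/database-service-troubleshooting.mdx, hunk @@ -63,9 +63,9 @@, the context sentence right after the rewritten link ("Additionally, a guide specific to the type of database in [Enroll AWS Databases]...") has no verb and no closing period. Since the neighbouring sentence is being rewritten, fix this one in the same change, for example "Additionally, see the guide specific to your type of database in [Enroll AWS Databases](...)."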
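Review bot: In docs/pages/includes/edition-comparison.mdx, hunk @@ -45,12 +45,12 @@, the renamed rows ("Protecting Applications", "Protecting Databases", ...) read as guide titles, while the untouched rows in the same table ("Agentless Integration with OpenSSH Servers", "Machine ID") are still feature names. A comparison table is easier to scan with parallel labels, so either use noun phrases for all rows (for example "Application protection") or keep the gerund form and rename the remaining rows to match. The link targets still point at the `application-access/`, `database-access/` and similar paths, which is fine, but worth a comment in the PR description so the mismatch with the new labels is not mistaken for a missed rename.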
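Review bot: In docs/pages/includes/metrics.mdx, hunk @@ -133,10 +133,10 @@, the new sentence changes the stated condition, not only the terminology: "if Kubernetes access is enabled" describes a configuration state of the Proxy Service, while "if at least one Kubernetes cluster is enrolled in your Teleport cluster" describes an enrollment state. Operators who build alerting on these metrics need to know which one actually causes the series to appear. Please confirm against the Proxy Service behaviour and keep the original condition with updated wording if the metrics are registered as soon as the Kubernetes listener is enabled.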
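Review bot: In docs/pages/includes/soc2.mdx, hunk @@ -2,7 +2,7 @@, the renamed bullet sits under "The audit report covers:", so it is a statement of audit scope rather than ordinary product copy. Before replacing "Teleport Open Source" with "Teleport Community Edition" here, check that the new name matches what the SOC 2 Type II report itself lists as in scope; if the report uses the old name, keep it or mention both so readers comparing this page with the report find the same item.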
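Review bot: In examples/chart/teleport-cluster/charts/teleport-operator/values.yaml, hunk @@ -28,8 +28,8 @@ (and the generated copy in zz_generated.teleport-operator.mdx, hunk @@ -52,8 +52,8 @@), the `caPins` comment now says "Teleport Auth Service" but still ends with "ignored when joining through a Proxy", which is inconsistent with the "Proxy Service" wording used elsewhere in this patch. Suggest "ignored when joining through the Proxy Service (port `443` or `3080`)", and "when joining the Auth Service directly" rather than "an Auth Service". Because this comment tells operators when CA pinning is not applied, the wording should be unambiguous about which component is meant.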
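Review bot: In examples/chart/teleport-kube-agent/values.yaml, hunk @@ -876,24 +876,25 @@, the re-wrapped `image` comment keeps "teleport 15" and "debian-based" in lowercase even though the rest of the change is a capitalization pass; these should read "Teleport 15" and "Debian-based". The same text is reproduced in zz_generated.teleport-kube-agent.mdx, hunk @@ -1112,24 +1112,25 @@, so make the fix here in values.yaml and regenerate the reference page rather than editing the generated file by hand. The first sentence also introduces "Teleport Community Edition Agent pods" while the closing context line still says "an enterprise version"; consider "Teleport Enterprise" there for consistency.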