Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document that crdb can be used a a pg replacement for events #44704

Merged
merged 5 commits into from
Aug 5, 2024
Merged

Document that crdb can be used a a pg replacement for events #44704

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d645db5
Document that crdb can be used a a pg replacement for events
hugoShaka Jul 26, 2024
5396616
Apply suggestions from code review
hugoShaka Jul 29, 2024
5694ee2
Update docs/pages/reference/backends.mdx
hugoShaka Jul 29, 2024
ad9d77d
address feedback
hugoShaka Aug 2, 2024
dd578b5
Update docs/pages/reference/backends.mdx
hugoShaka Aug 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion docs/pages/reference/backends.mdx
View file
Open in desktop
hugoShaka marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
| Data type | Description | Supported storage backends |
| - | - | - |
| core cluster state | Cluster configuration (e.g. users, roles, auth connectors) and identity (e.g. certificate authorities, registered nodes, trusted clusters). | Local directory (SQLite), etcd, PostgreSQL, Amazon DynamoDB, GCP Firestore, CockroachDB |
| audit events | JSON-encoded events from the audit log (e.g. user logins, RBAC changes) | Local directory, PostgreSQL, AWS DynamoDB, GCP Firestore |
| audit events | JSON-encoded events from the audit log (e.g. user logins, RBAC changes) | Local directory, PostgreSQL/CockroachDB, AWS DynamoDB, GCP Firestore |

Check warning on line 16 in docs/pages/reference/backends.mdx

View workflow job for this annotation

GitHub Actions / Lint docs prose style 

[vale] reported by reviewdog 🐶
[aws-products.company-name] Incorrect AWS product name. Use Amazon DynamoDB instead of AWS DynamoDB.

Raw Output:
{"message": "[aws-products.company-name] Incorrect AWS product name. Use Amazon DynamoDB instead of AWS DynamoDB.", "location": {"path": "docs/pages/reference/backends.mdx", "range": {"start": {"line": 16, "column": 133}}}, "severity": "WARNING"}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know that we should be equating the Postgres and CockroachDB backend like this.

Suggested change
| audit events | JSON-encoded events from the audit log (e.g. user logins, RBAC changes) | Local directory, PostgreSQL/CockroachDB, AWS DynamoDB, GCP Firestore |
| audit events | JSON-encoded events from the audit log (e.g. user logins, RBAC changes) | Local directory, PostgreSQL, CockroachDB, AWS DynamoDB, GCP Firestore |

Copy link
Contributor Author

@hugoShaka hugoShaka Jul 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For audit events, we use the same backend for pg and crdb. For cluster state we use separate backends.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That seems more like an internal implementation detail than something that should be conveyed in our documentation though.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure because in one case, the user needs enterprise + explicitly specify the cockroachDB backend. In the other, they configure a postgres audit backend that happens to be backed by crdb but it's transparent.

hugoShaka marked this conversation as resolved.
Show resolved Hide resolved
| session recordings | Raw terminal recordings of interactive user sessions | Local directory, AWS S3 (and any S3-compatible product), GCP Cloud Storage, Azure Blob Storage |
| teleport instance state | ID and credentials of a non-auth teleport instance (e.g. node, proxy) | Local directory, Kubernetes Secret |

Expand Down Expand Up @@ -330,6 +330,13 @@
- postgresql://user_name@database-address/teleport_audit?sslmode=verify-full#disable_cleanup=false&retention_period=2160h
```

<Admonition type="note">
hugoShaka marked this conversation as resolved.
Show resolved Hide resolved
CockroachDB can be used as a Postgres drop-in replacement to store audit events (requires Teleport version >= 15.4.2).
hugoShaka marked this conversation as resolved.
Show resolved Hide resolved

Teleport can store the core state in CockroachDB but this require CockroachDB-specific configuration.
hugoShaka marked this conversation as resolved.
Show resolved Hide resolved
See the [CockroachDB backend section](#cockroachdb) for more details.
</Admonition>

### Authentication

We strongly recommend using [client
Expand Down
Loading