From 74bdf8a3b1c8f056f1b8c634328179030ad922d7 Mon Sep 17 00:00:00 2001
From: Marco Dinis
Date: Mon, 4 Nov 2024 15:53:14 +0000
Subject: [PATCH 1/3] Docs: add discovery_group to teleport.yaml/discovery_service examples When the discovery_group is not configured, teleport will log a warning message saying that it is recommended. Some configuration examples do not include it, so when users use that example to implement their own variation, it will output a warning message. After seeing that warning users might wonder if there's anything wrong with their `teleport.yaml`. Instead, we add a discovery_group to all examples so that users don't get that message.
---
 .../enroll-resources/auto-discovery/kubernetes/google-cloud.mdx | 2 ++
 .../enroll-resources/auto-discovery/servers/azure-discovery.mdx | 1 +
 .../enroll-resources/auto-discovery/servers/ec2-discovery.mdx | 1 +
 .../enroll-resources/auto-discovery/servers/gcp-discovery.mdx | 1 +
 .../database-access/aws-troubleshooting-max-policy-size.mdx | 1 +
 docs/pages/includes/server-access/custom-installer.mdx | 1 +
 6 files changed, 7 insertions(+)
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
index b26f94f22566c..43a9eaa3d8161 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
@@ -396,6 +396,7 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ discovery_group: "gke-myproject"
 gcp:
 - types: ["gke"]
 locations: ["*"]
@@ -433,6 +434,7 @@ clusters in project `myproj-prod` running in `us-east2`, but *not* clusters in
 ```yaml
 discovery_service:
 enabled: "yes"
+ discovery_group: "gke-myproject"
 gcp:
 - types: ["gke"]
 locations: ["us-east1"]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
index e9fcc2fef6a7d..4196cfc159862 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
@@ -250,6 +250,7 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ discovery_group: "azure-prod"
 azure:
 - types: ["vm"]
 subscriptions: [""]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
index c85ed32e1e98f..c6b25da60f1aa 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
@@ -133,6 +133,7 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ discovery_group: "aws-prod"
 aws:
 - types: ["ec2"]
 regions: ["us-east-1","us-west-1"]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
index 3b050c5d9de26..6a351f169e2ff 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
@@ -246,6 +246,7 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ discovery_group: "gcp-prod"
 gcp:
 - types: ["gce"]
 # The IDs of GCP projects that VMs can join from.
diff --git a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
index 55d0e8bad6a54..dd4017786888a 100644
--- a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
+++ b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
@@ -25,6 +25,7 @@ You can reduce the policy size by separating them into multiple IAM roles. Use
 configuration:
 ```yaml
 discovery_service:
+ discovery_group: "prod"
 enabled: "yes"
 aws:
 - types: ["rds"]
diff --git a/docs/pages/includes/server-access/custom-installer.mdx b/docs/pages/includes/server-access/custom-installer.mdx
index c3f1bdc309133..f3d5f3e987993 100644
--- a/docs/pages/includes/server-access/custom-installer.mdx
+++ b/docs/pages/includes/server-access/custom-installer.mdx
@@ -39,6 +39,7 @@ Multiple `installer` resources can exist and be specified in the
 ```yaml
 discovery_service:
+ discovery_group: prod
 {{ matcher }}:
 - types: {{ matchTypes }}
 tags:
From 8d03de16538b41a00dc2e2465d7e865ef6e68790 Mon Sep 17 00:00:00 2001
From: Marco Dinis
Date: Thu, 7 Nov 2024 16:57:33 +0000
Subject: [PATCH 2/3] explain discovery group
---
 .../auto-discovery/databases/aws.mdx | 8 +++++++
 .../auto-discovery/kubernetes/aws.mdx | 8 +++++++
 .../auto-discovery/kubernetes/azure.mdx | 8 +++++++
 .../kubernetes/google-cloud.mdx | 24 +++++++++++++++++++
 .../auto-discovery/kubernetes/kubernetes.mdx | 9 ++++---
 .../servers/azure-discovery.mdx | 8 +++++++
 .../auto-discovery/servers/ec2-discovery.mdx | 8 +++++++
 .../auto-discovery/servers/gcp-discovery.mdx | 8 +++++++
 .../aws-troubleshooting-max-policy-size.mdx | 8 +++++++
 .../server-access/custom-installer.mdx | 2 +-
 .../kubernetes-application-discovery.mdx | 8 +++++++
 11 files changed, 95 insertions(+), 4 deletions(-)
diff --git a/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx b/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx
index 0d1c98a6973c6..6f90598a48838 100644
--- a/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx
@@ -71,6 +71,14 @@ ssh_service:
 enabled: false
 discovery_service:
 enabled: true
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: ""
 ```
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx
index 1d16e399667ee..8641fe2124a8c 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx
@@ -306,6 +306,14 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "aws-prod"
 aws:
 - types: ["eks"]
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx
index 97028738259c0..806aabfcc52ed 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx
@@ -243,6 +243,14 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "aks-prod"
 azure:
 - types: ["aks"]
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
index 43a9eaa3d8161..a7fc0bf478c23 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
@@ -338,6 +338,14 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "gke-myproject"
 gcp:
 - types: ["gke"]
@@ -396,6 +404,14 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "gke-myproject"
 gcp:
 - types: ["gke"]
@@ -434,6 +450,14 @@ clusters in project `myproj-prod` running in `us-east2`, but *not* clusters in
 ```yaml
 discovery_service:
 enabled: "yes"
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "gke-myproject"
 gcp:
 - types: ["gke"]
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
index 2f24fa39bd08b..8c5d0b26c8f76 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
@@ -63,10 +63,13 @@ and their default values.
 discovery_service:
 enabled: "yes"
 # discovery_group is used to group discovered resources into different
- # sets. This is useful when you have multiple Teleport Discovery services
- # running in the same cluster but polling different cloud providers or cloud
- # accounts. It prevents discovered services from colliding in Teleport when
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
 # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "prod"
 aws:
 # AWS resource types. Valid options are:
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
index 4196cfc159862..e54c65c5e9810 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
@@ -250,6 +250,14 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "azure-prod"
 azure:
 - types: ["vm"]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
index c6b25da60f1aa..30600111d197c 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
@@ -133,6 +133,14 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "aws-prod"
 aws:
 - types: ["ec2"]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
index 6a351f169e2ff..73004a9f18881 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
@@ -246,6 +246,14 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "gcp-prod"
 gcp:
 - types: ["gce"]
diff --git a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
index dd4017786888a..11b3f1e7f005c 100644
--- a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
+++ b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
@@ -25,6 +25,14 @@ You can reduce the policy size by separating them into multiple IAM roles. Use
 configuration:
 ```yaml
 discovery_service:
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: "prod"
 enabled: "yes"
 aws:
diff --git a/docs/pages/includes/server-access/custom-installer.mdx b/docs/pages/includes/server-access/custom-installer.mdx
index f3d5f3e987993..4d046e5c5bc12 100644
--- a/docs/pages/includes/server-access/custom-installer.mdx
+++ b/docs/pages/includes/server-access/custom-installer.mdx
@@ -39,7 +39,7 @@ Multiple `installer` resources can exist and be specified in the
 ```yaml
 discovery_service:
- discovery_group: prod
+ # ...
 {{ matcher }}:
 - types: {{ matchTypes }}
 tags:
diff --git a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
index 723a005739aaf..e006bf6b941e7 100644
--- a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
+++ b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
@@ -41,6 +41,14 @@ example:
 # This section configures the Discovery Service
 discovery_service:
 enabled: yes
+ # discovery_group is used to group discovered resources into different
+ # sets. This is required when you have multiple Teleport Discovery services
+ # running. It prevents discovered services from colliding in Teleport when
+ # managing discovered resources.
+ # If two Discovery Services match the same resources, they must be in the
+ # same discovery group.
+ # If two Discovery Services match different resources, they must be in
+ # different discovery groups.
 discovery_group: main-cluster
 kubernetes:
 - types: ["app"]
From 7f9ba7a03a23ef7233fc95829f0b225791dd2baa Mon Sep 17 00:00:00 2001
From: Marco Dinis
Date: Mon, 11 Nov 2024 10:36:16 +0000
Subject: [PATCH 3/3] use partial instead
---
 .../teleport-policy/integrations/aws-sync.mdx | 1 -
 .../auto-discovery/databases/aws.mdx | 8 -------
 .../auto-discovery/databases/databases.mdx | 8 -------
 .../auto-discovery/kubernetes/aws.mdx | 8 -------
 .../auto-discovery/kubernetes/azure.mdx | 8 -------
 .../kubernetes/google-cloud.mdx | 24 -------------------
 .../auto-discovery/kubernetes/kubernetes.mdx | 8 -------
 .../servers/azure-discovery.mdx | 10 ++------
 .../auto-discovery/servers/ec2-discovery.mdx | 10 ++------
 .../auto-discovery/servers/gcp-discovery.mdx | 10 ++------
 .../aws-troubleshooting-max-policy-size.mdx | 11 +++------
 .../kubernetes-application-discovery.mdx | 10 ++------
 12 files changed, 11 insertions(+), 105 deletions(-)
diff --git a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx
index 2aae7cd963fb5..5341c70af34b3 100644
--- a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx
+++ b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx
@@ -88,7 +88,6 @@ that are set up with the `discovery_group` matching
 discovery_service:
 enabled: true
 discovery_group:
-
 ```
 Notice that if you already operate a Discovery Service within your cluster,
diff --git a/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx b/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx
index 6f90598a48838..0d1c98a6973c6 100644
--- a/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/databases/aws.mdx
@@ -71,14 +71,6 @@ ssh_service:
 enabled: false
 discovery_service:
 enabled: true
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: ""
 ```
diff --git a/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx b/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx
index fe893fa1a9787..2f153b4676086 100644
--- a/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx
@@ -75,14 +75,6 @@ Here's an example database discovery configuration for the Discovery Service:
 ```yaml
 discovery_service:
 enabled: true
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "disc-group"
 # poll_interval is the cadence at which the discovery server will run each of its
 # discovery cycles. The default is 5m.
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx
index 8641fe2124a8c..1d16e399667ee 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/aws.mdx
@@ -306,14 +306,6 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "aws-prod"
 aws:
 - types: ["eks"]
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx
index 806aabfcc52ed..97028738259c0 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/azure.mdx
@@ -243,14 +243,6 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "aks-prod"
 azure:
 - types: ["aks"]
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
index a7fc0bf478c23..43a9eaa3d8161 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
@@ -338,14 +338,6 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "gke-myproject"
 gcp:
 - types: ["gke"]
@@ -404,14 +396,6 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "gke-myproject"
 gcp:
 - types: ["gke"]
@@ -450,14 +434,6 @@ clusters in project `myproj-prod` running in `us-east2`, but *not* clusters in
 ```yaml
 discovery_service:
 enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "gke-myproject"
 gcp:
 - types: ["gke"]
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
index 8c5d0b26c8f76..f1d43d48870c2 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
@@ -62,14 +62,6 @@ and their default values.
 # This section configures the Discovery Service
 discovery_service:
 enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "prod"
 aws:
 # AWS resource types. Valid options are:
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
index e54c65c5e9810..e87d3ecc104a5 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
@@ -235,6 +235,8 @@ the Discovery Service. In order to enable Azure instance discovery the `discovery_service.azure` section of `teleport.yaml` must include at least one entry:
+(!docs/pages/includes/discovery/discovery-group.mdx!)
+
 ```yaml
 version: v3
 teleport:
@@ -250,14 +252,6 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "azure-prod"
 azure:
 - types: ["vm"]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
index 30600111d197c..e3fa7e2f86d3c 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
@@ -118,6 +118,8 @@ run the Discovery Service. In order to enable EC2 instance discovery the `discovery_service.aws` section of `teleport.yaml` must include at least one entry:
+(!docs/pages/includes/discovery/discovery-group.mdx!)
+
 ```yaml
 version: v3
 teleport:
@@ -133,14 +135,6 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "aws-prod"
 aws:
 - types: ["ec2"]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
index 73004a9f18881..bdd8d639c0ac7 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
@@ -231,6 +231,8 @@ the Discovery Service. In order to enable GCP instance discovery the `discovery_service.gcp` section of `teleport.yaml` must include at least one entry:
+(!docs/pages/includes/discovery/discovery-group.mdx!)
+
 ```yaml
 version: v3
 teleport:
@@ -246,14 +248,6 @@ ssh_service:
 enabled: off
 discovery_service:
 enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "gcp-prod"
 gcp:
 - types: ["gce"]
diff --git a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
index 11b3f1e7f005c..89b650b1a2bf2 100644
--- a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
+++ b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
@@ -23,16 +23,11 @@ You can reduce the policy size by separating them into multiple IAM roles. Use You can specify `assume_role_arn` in the AWS matchers of Discovery Service's configuration:
+
+ (!docs/pages/includes/discovery/discovery-group.mdx!)
+
 ```yaml
 discovery_service:
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: "prod"
 enabled: "yes"
 aws:
diff --git a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
index e006bf6b941e7..4e5c673c26043 100644
--- a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
+++ b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
@@ -37,18 +37,12 @@ Discovery Service, then restart the agents running these services. Configuration for the Discovery Service is controlled by the `kubernetes` field, example:
+(!docs/pages/includes/discovery/discovery-group.mdx!)
+
 ```yaml
 # This section configures the Discovery Service
 discovery_service:
 enabled: yes
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
 discovery_group: main-cluster
 kubernetes:
 - types: ["app"]