Skip to content

Commit

Permalink
[v16] Docs: add discovery_group to teleport.yaml/discovery_service ex…
Browse files Browse the repository at this point in the history
…amples (#48826)

* Docs: add discovery_group to teleport.yaml/discovery_service examples

When the discovery_group is not configured, teleport will log a warning
message saying that it is recommended.
Some configuration examples do not include it, so when users use that
example to implement their own variation, it will output a warning
message.
After seeing that warning users might wonder if there's anything wrong
with their `teleport.yaml`.
Instead, we add a discovery_group to all examples so that users don't
get that message.

* explain discovery group

* use partial instead
  • Loading branch information
marcoandredinis authored Nov 14, 2024
1 parent 6ee1422 commit 8913bdd
Show file tree
Hide file tree
Showing 10 changed files with 18 additions and 14 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,6 @@ that are set up with the `discovery_group` matching
discovery_service:
enabled: true
discovery_group: <Var name="access-graph-disc" />

```
Notice that if you already operate a Discovery Service within your cluster,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -73,14 +73,6 @@ Here's an example database discovery configuration for the Discovery Service:
```yaml
discovery_service:
enabled: true
# discovery_group is used to group discovered resources into different
# sets. This is required when you have multiple Teleport Discovery services
# running. It prevents discovered services from colliding in Teleport when
# managing discovered resources.
# If two Discovery Services match the same resources, they must be in the
# same discovery group.
# If two Discovery Services match different resources, they must be in
# different discovery groups.
discovery_group: "disc-group"
# poll_interval is the cadence at which the discovery server will run each of its
# discovery cycles. The default is 5m.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -396,6 +396,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
discovery_group: "gke-myproject"
gcp:
- types: ["gke"]
locations: ["*"]
Expand Down Expand Up @@ -433,6 +434,7 @@ clusters in project `myproj-prod` running in `us-east2`, but *not* clusters in
```yaml
discovery_service:
enabled: "yes"
discovery_group: "gke-myproject"
gcp:
- types: ["gke"]
locations: ["us-east1"]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,11 +62,6 @@ and their default values.
# This section configures the Discovery Service
discovery_service:
enabled: "yes"
# discovery_group is used to group discovered resources into different
# sets. This is useful when you have multiple Teleport Discovery services
# running in the same cluster but polling different cloud providers or cloud
# accounts. It prevents discovered services from colliding in Teleport when
# managing discovered resources.
discovery_group: "prod"
aws:
# AWS resource types. Valid options are:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -235,6 +235,8 @@ the Discovery Service.
In order to enable Azure instance discovery the `discovery_service.azure` section
of `teleport.yaml` must include at least one entry:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
version: v3
teleport:
Expand All @@ -250,6 +252,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
discovery_group: "azure-prod"
azure:
- types: ["vm"]
subscriptions: ["<subscription>"]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,8 @@ run the Discovery Service.
In order to enable EC2 instance discovery the `discovery_service.aws` section
of `teleport.yaml` must include at least one entry:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
version: v3
teleport:
Expand All @@ -133,6 +135,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
discovery_group: "aws-prod"
aws:
- types: ["ec2"]
regions: ["us-east-1","us-west-1"]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -231,6 +231,8 @@ the Discovery Service.
In order to enable GCP instance discovery the `discovery_service.gcp` section
of `teleport.yaml` must include at least one entry:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
version: v3
teleport:
Expand All @@ -246,6 +248,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
discovery_group: "gcp-prod"
gcp:
- types: ["gce"]
# The IDs of GCP projects that VMs can join from.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,12 @@ You can reduce the policy size by separating them into multiple IAM roles. Use
<TabItem label="Auto-Discovery by Discovery Service">
You can specify `assume_role_arn` in the AWS matchers of Discovery Service's
configuration:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
discovery_service:
discovery_group: "prod"
enabled: "yes"
aws:
- types: ["rds"]
Expand Down
1 change: 1 addition & 0 deletions docs/pages/includes/server-access/custom-installer.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ Multiple `installer` resources can exist and be specified in the

```yaml
discovery_service:
# ...
{{ matcher }}:
- types: {{ matchTypes }}
tags:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@ Discovery Service, then restart the agents running these services.
Configuration for the Discovery Service is controlled by the `kubernetes` field,
example:

(!docs/pages/includes/discovery/discovery-group.mdx!)

```yaml
# This section configures the Discovery Service
discovery_service:
Expand Down

0 comments on commit 8913bdd

Please sign in to comment.