* sort list of db guides alphabetically
* add Elastic guide
* Apply suggestions from code review
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
* additional edits from review
* add spaces to next steps include
This is so that additional ul items added to a guide using this partial will have consistent spacing
* remove instructions and add tip
Resolves #r995144908 and #r995566035
* fix Database Access config and add scopes
* Move note into relevant tab
* adjust example user mapping
* incorporate more feedback
* incorporate feedback from @tener
* Update docs/pages/database-access/guides/elastic.mdx
Co-authored-by: Krzysztof Skrzętnicki <krzysztof.skrzetnicki@goteleport.com>
* bypass linter rule
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Co-authored-by: Krzysztof Skrzętnicki <krzysztof.skrzetnicki@goteleport.com>
* Refresh the Enterprise Getting Started guide
Fixes#14249
Edit the Enterprise Getting Started guide based on manual testing to
make the guide up to date and easier to follow.
- Update the architectural description in the introduction
- Structure the guide, following out Linux Server guide for open source
installations, to include Application Access
- Add DNS instructions rather than using the `--insecure` flag
- Add copy-pastable installation instructions
- Flesh out the license file instructions and add a screenshot of the
customer portal
- Simplify the instructions for adding a local user
- Remove the docker-compose instructions, since we want the user to
finish setting up a minimal Teleport cluster by the end of the guide,
and these instructions begin a new step-by-step sequence. We also have
a separate docker-compose guide that users can follow for a local
demo
- Add a "Next steps" section and move relevant content there
* Respond to PR feedback
* Add screenshots for azure IAM setup
* Update azure mysql postgres guide to explain discovery
* Update db service config yaml reference
* Update docs/pages/database-access/guides/azure-postgres-mysql.mdx
Co-authored-by: STeve (Xin) Huang <xin.huang@goteleport.com>
* Fix typo in admonition type
* Redact IDs in azure screenshots
* Clarify that role assignment applies to either principal type
* Advise restarting db service after checking credentials
* optimize images
* Update docs/pages/database-access/guides/azure-postgres-mysql.mdx
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
* Update docs/pages/database-access/guides/azure-postgres-mysql.mdx
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
* Update docs/pages/database-access/guides/azure-postgres-mysql.mdx
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
Co-authored-by: STeve (Xin) Huang <xin.huang@goteleport.com>
Co-authored-by: alexfornuto <alex@fornuto.com>
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
Fixes#14576
- Add updated instructions, as the behavior and configuration settings
for the PagerDuty plugin have changed since we first added this guide.
- Ensure the guide can be followed as a set of step-by-step
instructions. For example, this change tells the user to create two
PagerDuty services and refers to these services throughout the page.
- Also edits example configs for the PagerDuty and Mattermost plugins.
* Add a guide to Desktop Access Directory Sharing
Closes#15433
I placed this at the root of `docs/pages/desktop-access` since this
guide is currently the only step-by-step Desktop Access guide aside from
the Getting Started guide, and doesn't quite fit in the "Reference"
section.
Note that the "How it works" section at the bottom of the guide should
probably be in a separate architecture guide to Desktop Access. However,
we don't yet have a Desktop Access architecture guide, and I wanted to
include an architectural description here in case users want to
understand the architecture of the feature for threat modeling etc.
* Respond to PR feedback
* Address PR feedback
* Respond to PR feedback and include updates
- Add an entry in the Desktop Access RBAC guide
- Fix a link
- Include updated notes on the product
Fixes#14577
Update the guide and make it easier to use:
- Give this guide the structure of the Slack guide, adding stepped
headings and a section on configuring Access Requests, to make this
guide easier to follow step by step.
- Add the initial Access Request RBAC setup as a partial
- Indicate that this has been tested with Mattermost v7.0.1
- Add clarity tweaks throughout
- Update the instructions for editing the plugin configuration. The
configuration fields have changed since guide was written.
* Edit the Slack access request plugin guide
Fixes#14581
- Flesh out the intro a bit
- Fix the directory name used in the `mv` command in the installation
step. Also fix the name of the binary generated by the `make` command.
- Add a step to test the installation
- Edit the rbac.mdx and impersonations.mdx partials to provide more
context and restructure the instructions so users can follow them step
by step.
- Add context around other existing steps
- Add more comprehensive role mapping instructions. The guide included
an example role mapping, but did not spell out the general logic of
the role mapping bheavior, e.g., that the "*" key is required.
- Move the step re: inviting the bot to after the user configures role
mapping so they know which channels to invite the bot to.
- Add a section on creating roles to enable Access Requests so it is
eassier to follow this guide linearly. Otherwise, users will need to
do more work to match the configuration instructions with the
specifics of their RBAC setup.
- Capitalize "Access Request" in this and other guides, since we're
adding more emphasis on this as a product.
- Turn the "Audit Log" section into an Admonition and make the
instructions there more accurate.
- Add context to the "identity-export.mdx" partial. This is a pretty
confusing part of the Access Request setup process, so I added context
to explain why different identity file formats are used.
* Apply suggestions from code review
Co-authored-by: Nic Klaassen <nic@goteleport.com>
* Respond to PR review
Co-authored-by: Nic Klaassen <nic@goteleport.com>
* Added Machine ID and Web Apps Guide.
Co-authored-by: Tim Buckley <tim@goteleport.com>
* Update reference pages with latest v9.3 content
Also, update the mongodb example
* Address review feedback
* Remove unfinished though and fix a few typos
* Tweak wording for the webapps guide
Also, fix broken lints in the go examples.
* Fix Postgres example
* Rename "webapps" guide to "database" guide (with custom app)
* Apply suggestions from code review
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
* Address review feedback
* Fix go.mod issue breaking linter, remove duped postgres library
* Fix broken links
* Rephrase the final sentence a bit.
* Update docs/pages/machine-id/guides.mdx
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* First batch of review feedback
* Apply more suggestions from review
* Restore original go.sum / go.mod
* Show different version requirement text for cloud vs OSS/enterprise
* Add small note about `tbot db` limitations
* Add new Machine ID / Database Access diagram
* Fix lint errors
* Fix broken link
* Apply suggestions from code review
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Address review feedback
* Fix whitespace
* Address review feedback
* Update docs/pages/machine-id/guides/databases.mdx
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Russell Jones <rjones@gravitational.com>
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Our architecture section was written almost 5 years ago
and was completely obsolete.
I refactored all of it to be up to date, added Kuberentes
and other resource type references, replaced and created new diagrams.
The Linux Server getting started guide shows the wrong screenshot
when referring to the Teleport welcome screen. This change uses
a screenshot of the view an unauthenticated user would see when
first visiting the Web UI.
* Fix resource links
Fixes#12839
Some video links still refer to the outdated "/teleport/" path.
This change adds the videos these links refer to to the "img"
directory and updates the links.
Note that two of the three MDX files that are changed here do not
actually render the video. I've changed the links here anyway in
case someone uses these as a reference for the link format.
* Apply suggestions from code review
Co-authored-by: Ben Arent <ben@goteleport.com>
Co-authored-by: Roman Tkachenko <roman@goteleport.com>
Co-authored-by: Ben Arent <ben@goteleport.com>
Co-authored-by: Roman Tkachenko <roman@goteleport.com>
* Clarify two guides and two intro pages
See #11841
Make the Adding Nodes guide more usable for Cloud
- Add a ca_pin preset
- Clarify that tctl must be run on the local machine for Cloud users
- Structure the guide as a step-by-step tutorial. The guide already
included sequences of sample commands, so all this took was to rename
headings according to the "Step n/d." format and move the CA pinning
section into the section on starting the Node.
- Add environment variables to use for storing a CA pin and invite
token to sample commands, plus piped commands to extract these
strings from the output of tctl commands.
- Use a ScopedBlock to hide the Node Tunneling section for Cloud users
- Indicate that the --auth-server flag in "teleport start" requires a
port.
Add intros to the Admin and Operations menu pages
- Clarify the purpose of the Admin Guides and Operations sections
by adding an intro paragraph to each page. Since these sections are
similar in scope, I added links from one to the other with statements
about how the two sections differ.
- Replace lists of links with Tiles.
GitHub SSO
- Move the step to create an OAuth app out of the Prerequisites and
into its own step. This makes it easier to give the instructions
to use a specific callback URL proper space.
- Be more explicit about the rp_ip value.
- Add explicit instructions for logging in to the cluster after
creating the auth preference, including screenshots of expected
results.
* Fix wording and linter issues following PR review
* Respond to PR feedback
Remove a misleading instruction re: CA pinning. Also move some text
about CA pinning to a more appropriate location.
* Add a local Getting Started guide for Kubernetes
Our current Getting Started guides for Teleport on Kubernetes
assume that readers are deploying resources to the cloud. Some
users may want to get started quickly without, say, asking
another team for permission to deploy a DNS zone. These users
can then read our cloud-focused guides when it comes time to
develop a proof of concept or use Teleport in production.
Hopefully, this guide will expand the range of security-minded
engineers who can get early firsthand experience with Teleport.
This guide sets up Teleport on minikube and uses the App Service
to access Kubernetes Dashboard. Because Kubernetes Dashboard is
not initially accessible outside the cluster, this guide shows
you how you can access it securely via Teleport without using
`kubectl proxy`.
We can also consider expanding this guide later on to introduce
the Teleport Kubernetes Service or more sophisticated RBAC rules.
Also worth noting that while this change adds a new tile to
/docs/pages/kubernetes-access/getting-started.mdx, it does not
add a new tile image. We can consider creating a new one or
using the current one.
Fixes#9359
* Respond to PR feedback
I've made it more explicit that the minikube Docker driver is required
for the demo. I have also added a row to the required software table
that includes Docker Desktop/Docker Engine. I've tested this on my
Linux desktop, and modified commands to support Docker Engine as well
as Docker Desktop (i.e., "minikube tunnel" exposes a private IP address
beside 127.0.0.1 for the load balancer).
Also made a couple of minor tweaks, and removed the mention of
localhost in relation to the Web UI.
* Add Details for troubleshooting minikube tunnel
* Ignore the dead link checker for a localhost link
Add Redis documentation on how to setup Redis.
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Marek Smoliński <marek@goteleport.com>
* DigitalOcean 1-click Droplet and Kubernetes getting started guides
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Ben Arent <ben@goteleport.com>
* Updated docs for the improved Google OIDC connector
* Apply suggestions from code review
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Zac Bergquist <zmb3@users.noreply.github.com>
* Use "code" blocks for copyable commands
* whitespace
* Consistency with punctuation and avoid splitting paragraphs with images.
* Updated error message matching the current code
* Bump minimum version for OIDCConnector v3 to 8.1.2
* More fixes
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Zac Bergquist <zmb3@users.noreply.github.com>
* adds necessary line to powershell script and touches up the docs
* touch-ups
* Updates README to the settings that I thought would do the trick. Just tested with these and RDP is timing out for me.
* CR
* CR
* adding warning about the firewall rules mysteriously dissapearing on us and an instruction to use gpupdate.exe
* Switch GPO creation to powershell
* using local file notation
* fixing comments
* fixing mdx errors
Co-authored-by: Zac Bergquist <zmb3@users.noreply.github.com>
* updating docs with service account tutorial
* minor corrections
* Apply suggestions from code review
Co-authored-by: Zac Bergquist <zmb3@users.noreply.github.com>
* wording changes based on CR
* minor changes and fixes and adds updated photos with new naming convention
* Updating documentation
* updating gpo instructions to actually make sense
* nits
* adding instructions for exporting ca
* removing unhelpful screen shot
* Fixes quotes and updates to LDAPS
Co-authored-by: Ben Arent <ben@goteleport.com>
* clarifying comment
Co-authored-by: Zac Bergquist <zmb3@users.noreply.github.com>
Co-authored-by: Ben Arent <ben@goteleport.com>
* Desktop Access documentation
First draft of the Desktop Access docs. This is for Beta and has the
warnings on every page to make that clear.
* Apply suggestions from code review
Co-authored-by: Isaiah Becker-Mayer <isaiah@goteleport.com>
Co-authored-by: Isaiah Becker-Mayer <isaiah@goteleport.com>
This adds documentation for using tsh on Windows, along with a guide
for using VS Code Remote Development with Teleport hosts.
Related PRs:
* #7848: Support Windows with `tsh config`
* #7790: Support Windows with `tsh ssh` (and `scp`, `join`, `play`, etc)
* Modifying db GUI guides to include pgAdmin Windows access and DBeaver MySQL access instructions
* Cert to Certificates to match screenshot
* Clearing up wording for readability and adding mysql.dbeaver_min_ver to config.json