* Add a guide to deploying an HA cluster
Closes#16751
This is a general guide that prefaces our HA deployment guides.
Also adds an introduction to the "deploy-a-cluster" section.
* Respond to some PR feedback
- Add mentions of specific services (Auth and Proxy) where it would help
with clarity.
- Edit port tables to remove ports that shouldn't be publicly exposed.
- Clarify the supported backends.
- Clarify that Let's Encrypt is not required for TLS credential
management.
* Respond to more PR feedback
- Add context around DNS records
- Use "Layer 4" instead of "Layer Four"
- Explain optional ports more explicitly
- Fix spacing issues
- Indicate that you can use an S3-compatible object store
- Clarify cert-fetching behavior for applications
- Describe separate port configs depending on whether TLS Routing is
enabled, and add a brief section re: whether to enable TLS Routing
- Expand the Teleport configuration section to accommodate TLS Routing
and separate listeners
* Add more context to the "Deploy a Cluster" intro
* Small language tweaks
* Add an image
* Respond to zmb3 feedback
- Use "cluster state backend" and "session recording backend"
- Mention cross-zone load balancing
- Link to the Backends Reference instead of including example backend
configurations
- Use v3 for example configs
- Fix example config indentation
* Add CTA for Teleport Cloud and forScopes
* Add a guide to exporting events to Splunk
Closes#13158
Since there are multiple guides to exporting audit events now, this also
adds a new section of the docs for these guides.
Also fixes a tiny error in the Elastic Stack guide.
* Respond to PR feedback
* Fix linter issues
* Respond to PR feedback
- Use consistent naming
- Mention the `--ttl` flag for `tctl auth sign`
- Mention Machine ID
- Add a quick Troubleshooting section
- Fix `chmod` command
- Add systemd configs (also added this to the Elastic Stack Event
Handler guide. I didn't do this to the Fluentd guide because the
structure of the guide is different from the Splunk guide's).
* Document Azure CLI access
Closes#17583
- Create a guide to Azure CLI access
- Update references to reflect changes to roles, commands, and the file
config
* Respond to alexfornuto feedback
* Add a section to the guide on `tsh proxy azure`
* Respond to smaller feedback items from Tener
* Switch the order of role approaches
Responds to one item of feedback from Tener.
* Respond to zmb3 feedback
* Document new behavior
- Wildcards in `deny` rules
- The `tsh proxy az` alias
* Add SSO instructions for defining a role
* Update env var values
* optimize images
Co-authored-by: alexfornuto <alex.fornuto@goteleport.com>
- Fix an incorrect link
- Be more specific about what roles/permissions are required
- Remove some text and an image that didn't meaningfully contribute
* init end user doc
* lint fix
* Apply suggestions from code review
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
* simplify inline icon
* incorporate feedback
* Add Kubernetes instructions to the end-user guide (#18234)
* Apply suggestions from code review
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* move to 'connect your client'
* Updates based on review.
* adjust next steps para
* Apply suggestions from code review
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* consolidate tsh examples with Var component
* linting
* Add Kubernetes instructions for the Web UI/Connect (#18611)
* Add Kubernetes instructions for the Web UI/Connect
* optimize images
* add SAML connector to Vars
Co-authored-by: alexfornuto <alex.fornuto@goteleport.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* sort list of db guides alphabetically
* add Elastic guide
* Apply suggestions from code review
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
* additional edits from review
* add spaces to next steps include
This is so that additional ul items added to a guide using this partial will have consistent spacing
* remove instructions and add tip
Resolves #r995144908 and #r995566035
* fix Database Access config and add scopes
* Move note into relevant tab
* adjust example user mapping
* incorporate more feedback
* incorporate feedback from @tener
* Update docs/pages/database-access/guides/elastic.mdx
Co-authored-by: Krzysztof Skrzętnicki <krzysztof.skrzetnicki@goteleport.com>
* bypass linter rule
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Co-authored-by: Krzysztof Skrzętnicki <krzysztof.skrzetnicki@goteleport.com>
* Refresh the Enterprise Getting Started guide
Fixes#14249
Edit the Enterprise Getting Started guide based on manual testing to
make the guide up to date and easier to follow.
- Update the architectural description in the introduction
- Structure the guide, following out Linux Server guide for open source
installations, to include Application Access
- Add DNS instructions rather than using the `--insecure` flag
- Add copy-pastable installation instructions
- Flesh out the license file instructions and add a screenshot of the
customer portal
- Simplify the instructions for adding a local user
- Remove the docker-compose instructions, since we want the user to
finish setting up a minimal Teleport cluster by the end of the guide,
and these instructions begin a new step-by-step sequence. We also have
a separate docker-compose guide that users can follow for a local
demo
- Add a "Next steps" section and move relevant content there
* Respond to PR feedback
* Add screenshots for azure IAM setup
* Update azure mysql postgres guide to explain discovery
* Update db service config yaml reference
* Update docs/pages/database-access/guides/azure-postgres-mysql.mdx
Co-authored-by: STeve (Xin) Huang <xin.huang@goteleport.com>
* Fix typo in admonition type
* Redact IDs in azure screenshots
* Clarify that role assignment applies to either principal type
* Advise restarting db service after checking credentials
* optimize images
* Update docs/pages/database-access/guides/azure-postgres-mysql.mdx
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
* Update docs/pages/database-access/guides/azure-postgres-mysql.mdx
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
* Update docs/pages/database-access/guides/azure-postgres-mysql.mdx
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
Co-authored-by: STeve (Xin) Huang <xin.huang@goteleport.com>
Co-authored-by: alexfornuto <alex@fornuto.com>
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
Fixes#14576
- Add updated instructions, as the behavior and configuration settings
for the PagerDuty plugin have changed since we first added this guide.
- Ensure the guide can be followed as a set of step-by-step
instructions. For example, this change tells the user to create two
PagerDuty services and refers to these services throughout the page.
- Also edits example configs for the PagerDuty and Mattermost plugins.
* Add a guide to Desktop Access Directory Sharing
Closes#15433
I placed this at the root of `docs/pages/desktop-access` since this
guide is currently the only step-by-step Desktop Access guide aside from
the Getting Started guide, and doesn't quite fit in the "Reference"
section.
Note that the "How it works" section at the bottom of the guide should
probably be in a separate architecture guide to Desktop Access. However,
we don't yet have a Desktop Access architecture guide, and I wanted to
include an architectural description here in case users want to
understand the architecture of the feature for threat modeling etc.
* Respond to PR feedback
* Address PR feedback
* Respond to PR feedback and include updates
- Add an entry in the Desktop Access RBAC guide
- Fix a link
- Include updated notes on the product
Fixes#14577
Update the guide and make it easier to use:
- Give this guide the structure of the Slack guide, adding stepped
headings and a section on configuring Access Requests, to make this
guide easier to follow step by step.
- Add the initial Access Request RBAC setup as a partial
- Indicate that this has been tested with Mattermost v7.0.1
- Add clarity tweaks throughout
- Update the instructions for editing the plugin configuration. The
configuration fields have changed since guide was written.
* Edit the Slack access request plugin guide
Fixes#14581
- Flesh out the intro a bit
- Fix the directory name used in the `mv` command in the installation
step. Also fix the name of the binary generated by the `make` command.
- Add a step to test the installation
- Edit the rbac.mdx and impersonations.mdx partials to provide more
context and restructure the instructions so users can follow them step
by step.
- Add context around other existing steps
- Add more comprehensive role mapping instructions. The guide included
an example role mapping, but did not spell out the general logic of
the role mapping bheavior, e.g., that the "*" key is required.
- Move the step re: inviting the bot to after the user configures role
mapping so they know which channels to invite the bot to.
- Add a section on creating roles to enable Access Requests so it is
eassier to follow this guide linearly. Otherwise, users will need to
do more work to match the configuration instructions with the
specifics of their RBAC setup.
- Capitalize "Access Request" in this and other guides, since we're
adding more emphasis on this as a product.
- Turn the "Audit Log" section into an Admonition and make the
instructions there more accurate.
- Add context to the "identity-export.mdx" partial. This is a pretty
confusing part of the Access Request setup process, so I added context
to explain why different identity file formats are used.
* Apply suggestions from code review
Co-authored-by: Nic Klaassen <nic@goteleport.com>
* Respond to PR review
Co-authored-by: Nic Klaassen <nic@goteleport.com>
* Added Machine ID and Web Apps Guide.
Co-authored-by: Tim Buckley <tim@goteleport.com>
* Update reference pages with latest v9.3 content
Also, update the mongodb example
* Address review feedback
* Remove unfinished though and fix a few typos
* Tweak wording for the webapps guide
Also, fix broken lints in the go examples.
* Fix Postgres example
* Rename "webapps" guide to "database" guide (with custom app)
* Apply suggestions from code review
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
* Address review feedback
* Fix go.mod issue breaking linter, remove duped postgres library
* Fix broken links
* Rephrase the final sentence a bit.
* Update docs/pages/machine-id/guides.mdx
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* First batch of review feedback
* Apply more suggestions from review
* Restore original go.sum / go.mod
* Show different version requirement text for cloud vs OSS/enterprise
* Add small note about `tbot db` limitations
* Add new Machine ID / Database Access diagram
* Fix lint errors
* Fix broken link
* Apply suggestions from code review
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Address review feedback
* Fix whitespace
* Address review feedback
* Update docs/pages/machine-id/guides/databases.mdx
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Russell Jones <rjones@gravitational.com>
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Our architecture section was written almost 5 years ago
and was completely obsolete.
I refactored all of it to be up to date, added Kuberentes
and other resource type references, replaced and created new diagrams.
The Linux Server getting started guide shows the wrong screenshot
when referring to the Teleport welcome screen. This change uses
a screenshot of the view an unauthenticated user would see when
first visiting the Web UI.
* Fix resource links
Fixes#12839
Some video links still refer to the outdated "/teleport/" path.
This change adds the videos these links refer to to the "img"
directory and updates the links.
Note that two of the three MDX files that are changed here do not
actually render the video. I've changed the links here anyway in
case someone uses these as a reference for the link format.
* Apply suggestions from code review
Co-authored-by: Ben Arent <ben@goteleport.com>
Co-authored-by: Roman Tkachenko <roman@goteleport.com>
Co-authored-by: Ben Arent <ben@goteleport.com>
Co-authored-by: Roman Tkachenko <roman@goteleport.com>