Replace mermaid diagram, add guided instructions, remove includes wit… #33554
Conversation
…h the get context command
lsgunn-teleport
temporarily deployed
to
vercel
GitHub Actions
Inactive
|
🤖 Vercel preview here: https://docs-r9bxjt9s0-goteleport.vercel.app/docs/ver/preview |
lsgunn-teleport
temporarily deployed
to
vercel
GitHub Actions
Inactive
lsgunn-teleport
temporarily deployed
to
vercel
GitHub Actions
Inactive
|
🤖 Vercel preview here: https://docs-2f7dbpmt5-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-o0996fat5-goteleport.vercel.app/docs/ver/preview |
docs/img/k8s/enroll-kubernetes.png
Outdated
There was a problem hiding this comment.
What is the purple "Kubernetes" box meant to indicate here?
There was a problem hiding this comment.
Teleport Kubernetes Service, I assume.
https://lucid.app/lucidchart/3bf626af-1189-433f-8f33-558812766f24/edit?invitationId=inv_dc4bd6e8-1001-47a4-83a7-1ab649f21f3d&page=0_0#
| After you click Next, Teleport generates a script to configure and enroll the | ||
| Kubernetes cluster as a resource in the Teleport cluster. | ||
|
|
||
| 1. Copy the command displayed in the Teleport Web UI and run it on the server running |
There was a problem hiding this comment.
Kubernetes clusters typically consist of several servers. Does this command have to be run on a Kubernetes node or can it run anywhere?
There was a problem hiding this comment.
That makes sense, but I'm not really sure what a real-world scenario would be like. I ran through the steps using a single computer minikube installation.
There was a problem hiding this comment.
In the minikube case, Helm would be making requests to the Kubernetes API server running on minikube, which would be running in a container or VM on your workstation. In a real-life scenario, the Kubernetes API server would be running remotely, e.g., as part of an EKS control plane.
lsgunn-teleport
temporarily deployed
to
vercel
GitHub Actions
Inactive
|
🤖 Vercel preview here: https://docs-lzvdovih0-goteleport.vercel.app/docs/ver/preview |
docs/img/k8s/test-k8s-connection.png
Outdated
There was a problem hiding this comment.
Should the namespace we set here be one the user would understand?
There was a problem hiding this comment.
I was happy to have it work, so I didn't consider editing it. I'm not sure it's hard to understand, but the default is "default" and that would be a "recognizable" namespace identifier but it didn't work for me.
| Kubernetes cluster—and information you specify, such as the Kubernetes namespace, | ||
| users, and groups to grant access to. | ||
|
|
||
| If you can't use the Teleport Web UI or want to run commands and edit file manually, |
There was a problem hiding this comment.
When would a user be unable to use the Web UI? If there aren't any situations where this would be impossible, would it make sense to use only the guided enrollment step in this guide?
Since this is a getting started guide, I think it would make sense to remove Step 1 and "Enroll Kubernetes manually", and have all readers follow Step 2. Then we can use the "Next steps" section to link the reader to the Kubernetes Discovery guides or Registering Kubernetes Clusters with Teleport for their more advanced use cases.
How does that sound?
| 1. Type all or part of **Kubernetes** in the Search field to filter the resource types | ||
| displayed, then click **Kubernetes**. | ||
|
|
||
| 1. Copy the command to add the `teleport-agent` chart to your charts repository and paste |
There was a problem hiding this comment.
Is this the teleport-kube-agent chart? https://goteleport.com/docs/reference/helm-reference/teleport-kube-agent/
There was a problem hiding this comment.
From the UI, it says:
Add teleport-agent chart to your charts repository
and
Generate a command to automatically configure and install the teleport-agent namespace
I'm not sure, but I think teleport-kube-agent is an example chart, but I'm not sure it's exactly what gets added here (I'm guessing that this step adds a boilerplate to the charts repo and that your settings in the UI fill in the details, making it "different" from the teleport-kube-agent chart as defined in the reference section.)
| After you click Next, Teleport generates a script to configure and enroll the | ||
| Kubernetes cluster as a resource in the Teleport cluster. | ||
|
|
||
| 1. Copy the command displayed in the Teleport Web UI and run it on a server in |
There was a problem hiding this comment.
How does the script enroll the Kubernetes cluster? If it deploys the Teleport Kubernetes Service via the teleport-kube-agent chart, would you be running the script on your workstation instead of on a Kubernetes node?
There was a problem hiding this comment.
As far as I can tell based on the original diagram, text, and my test with minikube, the assumption is that you are running this on a server that's part of the cluster. Otherwise, wouldn't it be the same as the standalone cluster with a separate Linux host?
@tigrato Can you clarify the scenario?
|
@lsgunn-teleport Are we backporting this, or is it v15 behavior? |
lsgunn-teleport
temporarily deployed
to
vercel
GitHub Actions
Inactive
lsgunn-teleport
temporarily deployed
to
vercel
GitHub Actions
Inactive
|
🤖 Vercel preview here: https://docs-3ydjo06w9-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-k5jaw5hxa-goteleport.vercel.app/docs/ver/preview |
lsgunn-teleport
temporarily deployed
to
vercel
GitHub Actions
Inactive
|
🤖 Vercel preview here: https://docs-poxsrb2c9-goteleport.vercel.app/docs/ver/preview |
|
I find the Kubernetes setup options rather confusing:
Might be worth revisiting the section holistically to clarify what they use cases are and how they differ. |
lsgunn-teleport
added
the
no-changelog
| 1. Type all or part of **Kubernetes** in the Search field to filter the resource types | ||
| displayed, then click **Kubernetes**. | ||
|
|
||
| 1. Copy the command to add the `teleport-agent` chart repository and paste |
There was a problem hiding this comment.
| 1. Copy the command to add the `teleport-agent` chart repository and paste | |
| 1. Copy the command to add the Teleport chart repository and paste |
teleport-agent is the name of the release
public-teleport-github-review-bot
bot
removed request for
r0mant and
xinding33
|
@lsgunn-teleport See the table below for backport results.
|
…h the get context command
I'm not a Kubernetes expert (or even a novice), so this might have a lot of errors. The main goals here are:
See #18495
Maybe manual enrollment should be a separate topic?