Refresh the teleport-cluster Helm guide #25287
| <Details title="Launching a fresh EKS cluster with eksctl?" open="false"> | ||
|
|
||
| If you are using [eksctl](https://eksctl.io/) to launch a fresh Amazon Elastic | ||
| Kubernetes Service cluster in order to follow this guide, the following | ||
| example configuration sets up the EBS CSI driver add-on. Update the cluster | ||
| name, version, node group size, and region as required: | ||
|
|
||
| ```yaml | ||
| apiVersion: eksctl.io/v1alpha5 | ||
| kind: ClusterConfig | ||
| metadata: | ||
| name: my-cluster | ||
| region: us-east-1 | ||
| version: "1.23" | ||
|
|
||
| iam: | ||
| withOIDC: true | ||
|
|
||
| addons: | ||
| - name: aws-ebs-csi-driver | ||
| version: v1.11.4-eksbuild.1 | ||
| attachPolicyARNs: | ||
| - arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy | ||
|
|
||
| managedNodeGroups: | ||
| - name: managed-ng-2 | ||
| instanceType: t3.medium | ||
| minSize: 2 | ||
| maxSize: 3 | ||
| ``` | ||
|
|
||
| </Details> |
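Review bot: the `addons` entry pins `version: v1.11.4-eksbuild.1`, but the sentence above the YAML only tells readers to update the cluster name, version, node group size, and region, so a reader who changes `version: "1.23"` under `metadata` may keep an add-on build that does not match the new cluster version. Suggest adding the add-on version to that list of values to update. Since the config also sets `withOIDC: true` and attaches `AmazonEBSCSIDriverPolicy`, the lead-in could say that IAM resources are created along with the cluster, so readers know what needs removing afterwards.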
(non-blocking)
I'm not sure putting eksctl in the hands of unsuspecting new users is good. The tool creates a lot of resources and has complex behaviour when things are going wrong. Cleaning up after eksctl is quite complex.
Do we really want to be in the business of teaching users how to deploy the EKS cluster Rube Goldberg machine?
I added this because I found it helpful when spinning up a quick demo cluster via eksctl, and didn't want users in a similar boat as me to spend as much time as I did going through the AWS docs. I get what you're saying, though. Maybe we can add a red Notice box at the top of this Details box indicating that:
- This is for demo clusters only
- You should already be experienced with `eksctl`
@alexfornuto This should be ready for copy review
alexfornuto left a comment
Generally 👍 but with some suggestions.
| <Admonition title="No cloud provider?" type="tip"> | ||
|
|
||
| Teleport also supports Kubernetes in on-premise and air-gapped environments. If | ||
| you would like to try out Teleport on your local machine, we recommend following | ||
| our [local Kubernetes guide](../../try-out-teleport/local-kubernetes.mdx). | ||
|
|
||
| <Admonition title="Local-only setups" type="tip"> | ||
| Teleport also supports Kubernetes in on-premise and air-gapped environments. If you would like to try out Teleport on your local machine, we recommend following our [Docker Compose guide](../../try-out-teleport/docker-compose.mdx). | ||
| </Admonition> |
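Review bot: in the "No cloud provider?" admonition, the title and first sentence are about on-premise and air-gapped clusters, while the second sentence sends the reader to a local-machine trial guide; these are different audiences, and a reader with a real on-premise cluster is not told whether the rest of this guide applies to them. Suggest either stating that it does or narrowing the admonition to the local trial case. Also confirm that `../../try-out-teleport/local-kubernetes.mdx` resolves from this file's location, since the other admonition in this hunk points at `docker-compose.mdx`.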
This admonition breaks the indent flow of the prerequisites section. I suggest moving it under the "A Kubernetes cluster..." bullet point and indenting it.
I'll remove this Admonition since we have removed the local Kubernetes guide. I'm guessing that orgs interested in Kubernetes in air-gapped environments will be sophisticated enough that removing this message will put them off Teleport.
| |Record Type|Domain Name|Value| | ||
| |---|---|---| | ||
| |A|teleport.example.com|The IP address of your load balancer| | ||
| |A|*.teleport.example.com|The IP address of your load balancer| | ||
|
|
||
| </TabItem> | ||
| <TabItem label="Domain Name"> | ||
|
|
||
| |Record Type|Domain Name|Value| | ||
| |---|---|---| | ||
| |CNAME|teleport.example.com|The domain name of your load balancer| | ||
| |CNAME|*.teleport.example.com|The domain name of your load balancer| |
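Review bot: both tables add a `*.teleport.example.com` row next to `teleport.example.com` without saying what the wildcard record is for. A wildcard sends every subdomain to the load balancer, so readers with stricter DNS policies will want to know whether it is required or can be added later; suggest one sentence near the tabs explaining its purpose.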
The tables seem like a bit of overkill, since in both tabs they are either A or CNAME records and all have the same value.
I could use prose instead to make this more compact, but I'm not sure this needs to be more compact. For me, having a table makes things easier to keep track of when (for example) I'm in the Route 53 console.
Updated the guide while testing it for v13. The goals of this change are to:
- Update the guide for v13 (these are very minor changes consisting of editing example outputs)
- Simplify the guide
- Make the guide easier to use
Updating the guide:
- Remove the video, which is two years old.
Simplifying the guide:
- Some `Tabs` components differ only in mentioning an Enterprise-specific namespace instead of an OSS-specific namespace. By using the same namespace for both editions, we can remove these tabs.
- Add tsh as a prerequisite so we don't need to install it midway through the guide.
- Remove the SSO instructions: The SSO instructions rely on following other guides to complete, so these aren't really appropriate for this step-by-step guide. The only difference the SSO instructions in this guide offer from other guides is running `tctl` on the Auth Service pod via `kubectl exec`. Since this isn't actually necessary, we can remove these instructions.
- Refactor out common instructions in the OSS/Enterprise installation tabs
- Remove the command to get the Proxy Service's load balancer IP, since the `get services` command already shows this
Make the guide easier to use:
- Add more specific Enterprise installation steps, including showing how to get the license file.
- Make the DNS instructions more specific.
- Add guidance in the Prerequisites for ensuring that your cluster supports Persistent Volumes.
- Add a warning re: `system:masters`
- Add `Var` components to code snippets so they are easier to copy/paste.
Stray edits:
- Adjust line widths for easier reviews.
- Recommend the local Kubernetes guide in the first Admonition, rather than the Docker Compose guide, since readers will already be interested in Kubernetes.
79430fc to cfbb399
cfbb399 to db4585d
Backports #25287
* Refresh the teleport-cluster Helm guide
  Updated the guide while testing it for v13. The goals of this change are to:
  - Update the guide for v13 (these are very minor changes consisting of editing example outputs)
  - Simplify the guide
  - Make the guide easier to use
  Updating the guide:
  - Remove the video, which is two years old.
  Simplifying the guide:
  - Some `Tabs` components differ only in mentioning an Enterprise-specific namespace instead of an OSS-specific namespace. By using the same namespace for both editions, we can remove these tabs.
  - Add tsh as a prerequisite so we don't need to install it midway through the guide.
  - Remove the SSO instructions: The SSO instructions rely on following other guides to complete, so these aren't really appropriate for this step-by-step guide. The only difference the SSO instructions in this guide offer from other guides is running `tctl` on the Auth Service pod via `kubectl exec`. Since this isn't actually necessary, we can remove these instructions.
  - Refactor out common instructions in the OSS/Enterprise installation tabs
  - Remove the command to get the Proxy Service's load balancer IP, since the `get services` command already shows this
  Make the guide easier to use:
  - Add more specific Enterprise installation steps, including showing how to get the license file.
  - Make the DNS instructions more specific.
  - Add guidance in the Prerequisites for ensuring that your cluster supports Persistent Volumes.
  - Add a warning re: `system:masters`
  - Add `Var` components to code snippets so they are easier to copy/paste.
  Stray edits:
  - Adjust line widths for easier reviews.
  - Recommend the local Kubernetes guide in the first Admonition, rather than the Docker Compose guide, since readers will already be interested in Kubernetes.
* Respond to hugoShaka feedback
* Linter fixes
* Respond to alexfornuto feedback
Closes #13853