[docs] update self-hosted db guides#37606
Merged
GavinFrazar merged 13 commits intomasterfrom Feb 8, 2024
Merged
Conversation
GavinFrazar
added
documentation
database-access
github-actions
Bot
requested review from
r0mant,
smallinsky,
xinding33 and
zmb3
Contributor
|
🤖 Vercel preview here: https://docs-om39gnqfv-goteleport.vercel.app/docs/ver/preview |
greedy52
reviewed
Jan 31, 2024
Contributor
greedy52
left a comment
greedy52
left a comment
There was a problem hiding this comment.
Thanks a lot for updating these!
greedy52
approved these changes
Jan 31, 2024
Contributor
|
🤖 Vercel preview here: https://docs-cqncxgc26-goteleport.vercel.app/docs/ver/preview |
Contributor
|
🤖 Vercel preview here: https://docs-j9umw1arf-goteleport.vercel.app/docs/ver/preview |
Contributor
|
🤖 Vercel preview here: https://docs-nuk76lnza-goteleport.vercel.app/docs/ver/preview |
Contributor
|
🤖 Vercel preview here: https://docs-iw4fb28mg-goteleport.vercel.app/docs/ver/preview |
Contributor
|
🤖 Vercel preview here: https://docs-rd6gfze8j-goteleport.vercel.app/docs/ver/preview |
ptgott
approved these changes
Feb 7, 2024
This config still requires a custom CA, so it's pointless and less secure. It also doesn't work with the rest of the guide steps currently.
GavinFrazar
force-pushed
the
gavinfrazar/update-db-docs
branch
from
80b806d to
28d58c6
Compare
Contributor
|
🤖 Vercel preview here: https://docs-aiqzujumj-goteleport.vercel.app/docs/ver/preview |
redis 7.0 is supported with RESP2, no need to call it out.
GavinFrazar
force-pushed
the
gavinfrazar/update-db-docs
branch
from
28d58c6 to
d8825fe
Compare
Contributor
|
🤖 Vercel preview here: https://docs-ckh1241u3-goteleport.vercel.app/docs/ver/preview |
|
@GavinFrazar See the table below for backport results.
|
GavinFrazar
added a commit
that referenced
this pull request
Feb 21, 2024
GavinFrazar
added a commit
that referenced
this pull request
Feb 25, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This docs PR updates redis cluster, cockroachdb, and mongodb self-hosted guides.
The commits are well ordered and it's probably best to review commit by commit to understand what motivated each change set.
For Redis cluster, it was brought up during the testplan that the setup steps in the
tls-cluster notab didn't work with the rest of the guide for creating the Redis cluster. I added that section in #36260 - it sets redis cluster up such that Teleport'sdbCA is used to issues a cert for each node, yet still requires a custom CA to init the cluster + several additional steps. It's much simpler to just use the custom CA for each node's certs and only add trust for Teleport'sdb_clientCA - if they want to usetls-cluster nothey don't even need to change anything from thetls-cluster yesTLS setup.For CockroachDB, I explained how to trust the Teleport
db_clientCA without changing thenode.crtserved by each node. Customers have asked about how they can do this and a few days ago it came up again. It's the default tab for that step because it's easier and simpler.I also went into more detail about using
cockroach cert.For Mongo, I made some small improvements to indentation and only explain
tctl auth signsetup for the config step that actually usestctl auth sign.