From ee91187340f8fe1f84a8031fc964205d281cf3dc Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Thu, 28 Nov 2024 08:07:04 -0500 Subject: [PATCH] docs: include install Teleport for join services (#49524) --- .../join-services-to-your-cluster/aws-ec2.mdx | 16 ++++++++++++---- .../join-services-to-your-cluster/aws-iam.mdx | 14 ++++++++++---- .../join-services-to-your-cluster/azure.mdx | 14 ++++++++++---- .../agents/join-services-to-your-cluster/gcp.mdx | 12 +++++++++--- 4 files changed, 41 insertions(+), 15 deletions(-) diff --git a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/aws-ec2.mdx b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/aws-ec2.mdx index fb96c7acd66a3..cbd7bb29f86e4 100644 --- a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/aws-ec2.mdx +++ b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/aws-ec2.mdx @@ -45,7 +45,7 @@ Teleport processes joining the cluster. by default). Remove the data directory if this instance has previously joined a Teleport cluster. -## Step 1/4. Set up AWS IAM credentials +## Step 1/5. Set up AWS IAM credentials The Teleport Auth Service needs permission to call `ec2:DescribeInstances` in order to check that the EC2 instances attempting to join your cluster are legitimate and @@ -86,7 +86,7 @@ file or environment variables. See [Specifying Credentials](https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials) for details. -## Step 2/4. Create the AWS joining token +## Step 2/5. Create the AWS joining token Configure your Teleport Auth Service with a special dynamic token which will allow services from your AWS account to join your Teleport cluster. 
@@ -102,7 +102,13 @@ account and the AWS regions in which your EC2 instances will run. Run `tctl create token.yaml` to create the token. -## Step 3/4. Configure your services +## Step 3/5 Install Teleport + +Install Teleport on your AWS EC2 Instance. + +(!docs/pages/includes/install-linux.mdx!) + +## Step 4/5. Configure your services The EC2 join method can be used for Teleport processes running the SSH, Proxy, Kubernetes, Application, Database, or Windows Desktop Services. The Teleport @@ -129,7 +135,7 @@ proxy_service: enabled: no ``` -## Step 4/4. Launch your Teleport process +## Step 5/5. Launch your Teleport process +(!docs/pages/includes/start-teleport.mdx!) + Start Teleport on the host and confirm that it is able to connect to and join your cluster. You're all set! diff --git a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/aws-iam.mdx b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/aws-iam.mdx index ee3026c06c796..b12bae2ee9b8a 100644 --- a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/aws-iam.mdx +++ b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/aws-iam.mdx @@ -48,7 +48,7 @@ balancer or reverse proxy is available in Teleport 13.0+. (!docs/pages/includes/tctl.mdx!) -## Step 1/4. Set up AWS IAM credentials +## Step 1/5. Set up AWS IAM credentials Every Teleport process using the IAM method to join your Teleport cluster needs AWS IAM credentials in order to call the `sts:GetCallerIdentity` API. No @@ -62,7 +62,7 @@ attached IAM policies at all. If your instance does not otherwise need AWS credentials, it is preferred to create and attach an empty role with no attached policies. -## Step 2/4. Create the AWS joining token +## Step 2/5. Create the AWS joining token Create the following `token.yaml` with an `allow` rule specifying your AWS account and the ARN that the Teleport process's identity must match. 
@@ -82,7 +82,13 @@ Run the following command to create the token: $ tctl create -f token.yaml ``` -## Step 3/4. Configure your services +## Step 3/5 Install Teleport + +Install Teleport on your AWS EC2 instance. + +(!docs/pages/includes/install-linux.mdx!) + +## Step 4/5. Configure your services The IAM join method can be used for Teleport processes running the SSH, Proxy, Kubernetes, Application, or Database Service. @@ -111,7 +117,7 @@ In the `teleport.proxy_server` field, replace the value with the host and web port of your Teleport Proxy Service or Teleport Enterprise Cloud tenant, e.g., `mytenant.teleport.sh:443`. -## Step 4/4. Launch your Teleport process +## Step 5/5. Launch your Teleport process (!docs/pages/includes/aws-credentials.mdx!) diff --git a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/azure.mdx b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/azure.mdx index 551395ee186bb..06f2eb2463cf3 100644 --- a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/azure.mdx +++ b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/azure.mdx @@ -24,7 +24,7 @@ Teleport Services to a Cluster](join-services-to-your-cluster.mdx). assigned to it with permission to read virtual machine info. - (!docs/pages/includes/tctl.mdx!) -## Step 1/4. Set up a Managed Identity +## Step 1/5. Set up a Managed Identity Every virtual machine hosting a Teleport process using the Azure method to join your Teleport cluster needs a Managed Identity assigned to it. The identity @@ -33,7 +33,7 @@ look up the virtual machine. No other permissions are required. (!docs/pages/includes/server-access/azure-join-managed-identity.mdx!) -## Step 2/4. Create the Azure joining token +## Step 2/5. Create the Azure joining token Under the hood, Teleport processes will prove that they are running in your Azure subscription by sending a signed attested data document and access token 
@@ -54,7 +54,13 @@ Run the following command to create the token: $ tctl create -f token.yaml ``` -## Step 3/4. Configure your Teleport process +## Step 3/5 Install Teleport + +Install Teleport on your Azure Linux VM. + +(!docs/pages/includes/install-linux.mdx!) + +## Step 4/5. Configure your Teleport process The Azure join method can be used for Teleport processes running the SSH, Proxy, Kubernetes, Application, Database, or Desktop Service. @@ -82,7 +88,7 @@ proxy_service: enabled: no ``` -## Step 4/4. Launch your Teleport process +## Step 5/5. Launch your Teleport process Start Teleport on the Azure VM. diff --git a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/gcp.mdx b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/gcp.mdx index e31a33013f06c..b5ad17163088f 100644 --- a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/gcp.mdx +++ b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/gcp.mdx @@ -21,7 +21,7 @@ on the Teleport process joining the cluster. and with the Teleport binary installed. - (!docs/pages/includes/tctl.mdx!) -## Step 1/3. Create the GCP joining token +## Step 1/4. Create the GCP joining token Configure your Teleport Auth Service with a special dynamic token which will allow services from your GCP projects to join your Teleport cluster. @@ -42,7 +42,13 @@ Run the following command to create the token: $ tctl create token.yaml ``` -## Step 2/3. Configure your services +## Step 2/4 Install Teleport + +Install Teleport on your GCP Linux VM. + +(!docs/pages/includes/install-linux.mdx!) + +## Step 3/4. Configure your services The GCP join method can be used for Teleport processes running the SSH (`Node`), Proxy, Kubernetes, Application, Database, or Windows Desktop Services. The Teleport @@ -68,7 +74,7 @@ proxy_service: enabled: no ``` -## Step 3/3. Launch your Teleport process +## Step 4/4. Launch your Teleport process (!docs/pages/includes/start-teleport.mdx!)
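Review bot: the four new headings drop the period after the step number: `## Step 3/5 Install Teleport` in aws-ec2.mdx, aws-iam.mdx and azure.mdx, and `## Step 2/4 Install Teleport` in gcp.mdx. Every renumbered sibling heading keeps it (`## Step 1/5. Set up AWS IAM credentials`, `## Step 4/5. Configure your services`). Add the period so the step headings are consistent within each page.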
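Review bot: in aws-ec2.mdx, Step 5/5, the added `(!docs/pages/includes/start-teleport.mdx!)` sits directly above the unchanged sentence "Start Teleport on the host and confirm that it is able to connect to and join your cluster", so the page may now give the start instruction twice. Reduce the old sentence to the part about confirming the join, or drop it if the include already covers it. The subject line only mentions the install step, so this include is worth calling out in the commit message. Minor: "AWS EC2 Instance" in the new Step 3/5 text is capitalised differently from "AWS EC2 instance" in the aws-iam.mdx hunk.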
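Review bot: azure.mdx Step 5/5 still consists of the bare line "Start Teleport on the Azure VM." while this patch adds `(!docs/pages/includes/start-teleport.mdx!)` to the aws-ec2.mdx launch step and the gcp.mdx launch step already carries it. If that include applies to an Azure Linux VM as well, add it in this hunk so the guides give the same launch instructions.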
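Review bot: in gcp.mdx the prerequisites context line above Step 1/4 still reads "and with the Teleport binary installed", which now conflicts with the new `Step 2/4 Install Teleport` section. The patch does not touch that line; reword the prerequisite to require only the VM, otherwise the guide asks the reader to already have Teleport installed and then to install it.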