Add MongoDB guide, MySQL Cloud SQL guide and other 7.0 docs updates (g…

…ravitational#7350)

docs/config.json

@@ -116,11 +116,14 @@
           "entries": [
             { "title": "AWS RDS/Aurora PostgreSQL", "slug": "/database-access/guides/postgres-aws/" },
             { "title": "AWS RDS/Aurora MySQL", "slug": "/database-access/guides/mysql-aws/" },
-            { "title": "AWS Redshift PostgreSQL", "slug": "/database-access/guides/postgres-redshift/" },
+            { "title": "AWS Redshift", "slug": "/database-access/guides/postgres-redshift/" },
             { "title": "GCP Cloud SQL PostgreSQL", "slug": "/database-access/guides/postgres-cloudsql/" },
+            { "title": "GCP Cloud SQL MySQL", "slug": "/database-access/guides/mysql-cloudsql/" },
             { "title": "Self-Hosted PostgreSQL", "slug": "/database-access/guides/postgres-self-hosted/" },
             { "title": "Self-Hosted MySQL", "slug": "/database-access/guides/mysql-self-hosted/" },
-            { "title": "Database GUI Clients", "slug": "/database-access/guides/gui-clients/" }
+            { "title": "Self-Hosted MongoDB", "slug": "/database-access/guides/mongodb-self-hosted/" },
+            { "title": "Database GUI Clients", "slug": "/database-access/guides/gui-clients/" },
+            { "title": "High Availability", "slug": "/database-access/guides/ha/" }
           ]
         },
         { "title": "Access Controls", "slug": "/database-access/rbac/" },
@@ -250,6 +253,9 @@
       "major_version": "1",
       "minor_version": "17"
     },
+    "mongodb": {
+      "min_version": "3.6"
+    },
     "teleport": {
       "version": "6.2.7",
       "golang": "1.16",

docs/pages/config-reference.mdx

@@ -541,7 +541,7 @@ db_service:
   - name: "prod"
     # Free-form description of the database proxy instance.
     description: "Production database"
-    # Database protocol. Can be "postgres" or "mysql".
+    # Database protocol. Can be "postgres", "mysql", or "mongodb".
     protocol: "postgres"
     # Database connection endpoint. Must be reachable from Database Service.
     uri: "postgres.example.com:5432"

docs/pages/database-access/architecture.mdx

@@ -1,13 +1,13 @@
 ---
 title: Database Access Architecture
-description: How Teleport Database Access works
+description: How Teleport Database Access works.
 ---
 
 # Database Access Architecture
 
 This section provides an overview of Teleport Database Access inner workings.
 
-## How It Works
+## How it works
 
 Let's take a look at a sample Database Access deployment:
 
@@ -71,7 +71,7 @@ Authentication happens in 3 places:
 
 Let's take a detailed look at each authentication point.
 
-### Database Client to Proxy
+### Database client to Proxy
 
 Database clients authenticate with the Proxy using X.509 client certificates
 obtained from the `tsh db login` command.
@@ -95,7 +95,7 @@ For configuring graphical clients, there is a `tsh db config` command that
 prints detailed information about the connection such as host/port and location
 of the secrets. See [GUI Clients](./guides/gui-clients.mdx) for details.
 
-### Proxy to Database Service
+### Proxy to Database service
 
 The connection between the Proxy and the Database Service is also authenticated
 with mutual TLS.
@@ -104,12 +104,12 @@ The Proxy generates a short-lived X.509 certificate signed by the
 cluster's host authority, with the client's identity and database routing
 information encoded in it, and uses it to authenticate with the Database Service.
 
-### Database Service to Database
+### Database service to database
 
 Database authentication is handled differently for self-hosted databases and
 databases hosted by AWS.
 
-#### Self-Hosted
+#### Self-hosted
 
 Teleport Database Service uses client certificate authentication with self-hosted
 database servers.
@@ -129,7 +129,7 @@ and uses the token as a password.
 See respective configuration guides for [PostgreSQL](./guides/postgres-aws.mdx) and
 [MySQL](./guides/mysql-aws.mdx) for details on configuring IAM authentication.
 
-## Next Steps
+## Next steps
 
 Please refer to the [RFD #11](https://github.com/gravitational/teleport/blob/024fd582e62560ffc925cd4b4d42c156043c041b/rfd/0011-database-access.md)
 for a more in-depth description of the feature scope and design.

docs/pages/database-access/faq.mdx

@@ -1,18 +1,18 @@
 ---
 title: Database Access FAQ
-description: Frequently asked questions about Teleport Database Access
+description: Frequently asked questions about Teleport Database Access.
 ---
 
 # Database Access FAQ
 
 ## Which database protocols does Teleport Database Access support?
 
-Teleport Database Access currently supports PostgreSQL and MySQL protocols, with
-MongoDB protocol support coming in [Teleport 7.0](../preview/upcoming-releases.mdx#teleport-70-stockholm).
+Teleport Database Access currently supports PostgreSQL, MySQL, and MongoDB
+protocols.
 
 For PostgreSQL and MySQL, both self-hosted and cloud-hosted versions such as AWS
 RDS, Aurora (except for Serverless version which doesn't support IAM auth),
-Redshift and GCP Cloud SQL are supported. See available [guides](./guides.mdx)
+Redshift, and GCP Cloud SQL are supported. See available [guides](./guides.mdx)
 for all supported configurations.
 
 ## Which PostgreSQL protocol features are not supported?
@@ -43,14 +43,12 @@ Teleport relies on client certificates for authentication so any database client
 that supports this method of authentication and uses modern TLS (1.2+) should
 work.
 
-Standard command-line clients such as `psql` and `mysql` are supported, there
-are also instructions for configuring select [graphical clients](./guides/gui-clients.mdx).
+Standard command-line clients such as `psql`, `mysql`, or `mongo` are supported,
+there are also instructions for configuring select [graphical clients](./guides/gui-clients.mdx).
 
 ## When will you support X database?
 
-We're focusing on PostgreSQL and MySQL initially, and adding MongoDB support in
-[Teleport 7.0](../preview/upcoming-releases.mdx#teleport-70-stockholm), but also
-planning to support more databases in future based on the customer demand.
+We plan to support more databases in the future based on customer demand.
 
 See if the database you're interested in has already been requested among
 [Github issues](https://github.com/gravitational/teleport/labels/database-access)

docs/pages/database-access/getting-started.mdx

@@ -1,6 +1,6 @@
 ---
 title: Database Access Getting Started Guide
-description: Getting started with Teleport Database Access and AWS Aurora PostgreSQL
+description: Getting started with Teleport Database Access and AWS Aurora PostgreSQL.
 ---
 
 # Getting Started

docs/pages/database-access/guides.mdx

@@ -1,13 +1,52 @@
 ---
 title: Database Access Guides
-description: Guides for configuring Teleport Database Access with self-hosted or AWS RDS/Aurora PostgreSQL and MySQL
+description: Guides for configuring Teleport Database Access with self-hosted or cloud-hosted databases.
 layout: tocless-doc
 ---
 
-- [AWS RDS/Aurora PostgreSQL](./guides/postgres-aws.mdx)
-- [AWS RDS/Aurora MySQL](./guides/mysql-aws.mdx)
-- [AWS Redshift PostgreSQL](./guides/postgres-redshift.mdx)
-- [GCP Cloud SQL PostgreSQL](./guides/postgres-cloudsql.mdx)
-- [Self-hosted PostgreSQL](./guides/postgres-self-hosted.mdx)
-- [Self-hosted MySQL](./guides/mysql-self-hosted.mdx)
-- [GUI clients](./guides/gui-clients.mdx)
+# Database Access Guides
+
+## Cloud-hosted guides
+
+<TileSet>
+  <Tile icon="cloud" title="AWS RDS PostgreSQL" href="./guides/postgres-aws.mdx">
+    Connect AWS RDS or Aurora PostgreSQL database.
+  </Tile>
+  <Tile icon="cloud" title="AWS RDS MySQL" href="./guides/mysql-aws.mdx">
+    Connect AWS RDS or Aurora MySQL database.
+  </Tile>
+  <Tile icon="cloud" title="AWS Redshift" href="./guides/postgres-redshift.mdx">
+    Connect AWS Redshift database.
+  </Tile>
+  <Tile icon="cloud" title="GCP Cloud SQL PostgreSQL" href="./guides/postgres-cloudsql.mdx">
+    Connect GCP Cloud SQL PostgreSQL database.
+  </Tile>
+  <Tile icon="cloud" title="GCP Cloud SQL MySQL" href="./guides/mysql-cloudsql.mdx">
+    Connect GCP Cloud SQL MySQL database.
+  </Tile>
+</TileSet>
+
+## Self-hosted guides
+
+<TileSet>
+  <Tile icon="database" title="Self-hosted PostgreSQL" href="./guides/postgres-self-hosted.mdx">
+    Connect self-hosted PostgreSQL database.
+  </Tile>
+  <Tile icon="database" title="Self-hosted MySQL" href="./guides/mysql-self-hosted.mdx">
+    Connect self-hosted MySQL database.
+  </Tile>
+  <Tile icon="database" title="Self-hosted MongoDB" href="./guides/mongodb-self-hosted.mdx">
+    Connect self-hosted MongoDB database.
+  </Tile>
+</TileSet>
+
+## General guides
+
+<TileSet>
+  <Tile icon="window" title="GUI clients" href="./guides/gui-clients.mdx">
+    Configure database graphical clients.
+  </Tile>
+  <Tile icon="integrations" title="High Availability" href="./guides/ha.mdx">
+    Deploy database access in HA configuration.
+  </Tile>
+</TileSet>

docs/pages/database-access/guides/gui-clients.mdx

@@ -1,78 +1,84 @@
 ---
 title: Database Access GUI Clients
-description: How to configure graphical database clients
+description: How to configure graphical database clients for Teleport Database Access.
 ---
 
 # Graphical Database Clients
 
-This page provides instructions on how to configure various graphical database
-clients to work with Teleport Database Access.
+This article describes how to configure popular graphical database clients to
+work with Teleport Database Access.
 
-Pick the client you're interested in from the table of contents on the right.
+## Obtain local certificate/key-pair
+
+Issue the following command after you login with `tsh`:
+
+```bash
+# View configuration for the database you're logged in to.
+tsh db config
+# View configuration for the specific database when you're logged into multiple.
+tsh db config example
+```
+
+It will display the path to your locally cached PEM files:
+
+```
+Name:      example
+Host:      teleport.example.com
+Port:      3036
+User:      alice
+Database:
+CA:        /Users/alice/.tsh/keys/teleport.example.com/certs.pem
+Cert:      /Users/alice/.tsh/keys/teleport.example.com/alice-db/root/example-x509.pem
+Key:       /Users/alice/.tsh/keys/teleport.example.com/alice
+```
+
+The displayed `CA`, `Cert`, and `Key` files are used to connect through pgAdmin
+4, MySQL Workbench, and other graphical database clients that support mutual
+TLS authentication.
 
 ## pgAdmin 4
 
 [pgAdmin 4](https://www.pgadmin.org/) is a popular graphical client for
 PostgreSQL servers.
 
-pgAdmin runs as a server that stores connection information for databases and
-serves a management web UI. As such, pgAdmin server must run on the machine
-where `tsh db login` is executed and have access to the certificate authority
-and client certificate/key pair produced by that command.
-
-To configure a new connection, right-click on Servers in the main browser view
+To configure a new connection, right-click on "Servers" in the main browser view
 and create a new server:
 
 ![pgAdmin Add Server](../../../img/database-access/[email protected])
 
-On the General tab of the new server dialog, enter the server connection name:
+In the "General" tab of the new server dialog, enter the server connection name:
 
 ![pgAdmin General](../../../img/database-access/[email protected])
 
-On the Connection tab, enter the default database name (Maintenance database)
-and the connection service name, same as when you specify connecting using
-`psql`. Leave all the other fields blank:
+In the "Connection" tab, enter the default database name (the *maintenance
+database*) and the connection service name (the same one that you specify when
+connecting through `psql`). Leave all the other fields blank:
 
 ![pgAdmin Connection](../../../img/database-access/[email protected])
 
-On the SSL tab, set SSL mode to "full":
+In the "SSL" tab, set "SSL Mode" to `Verify-Full`:
 
 ![pgAdmin SSL](../../../img/database-access/[email protected])
 
-Click Save, and pgAdmin should immediately connect.
+Click "Save", and pgAdmin should immediately connect.
 
 ## MySQL Workbench
 
 [MySQL Workbench](https://www.mysql.com/products/workbench/) is a visual tool
 that provides comprehensive MySQL administration and SQL development tools.
 
-To connect to a database using MySQL Workbench, first retrieve the database
-credentials using `tsh db login` command. After logging in, take a note of
-the database configuration parameters shown by `tsh db config` command:
-
-```bash
-$ tsh db config
-Name:      aurora
-Host:      root.gravitational.io
-Port:      3036
-User:      r0mant
-Database:
-CA:        /Users/r0mant/.tsh/keys/root.gravitational.io/certs.pem
-Cert:      /Users/r0mant/.tsh/keys/root.gravitational.io/r0mant-db/root/aurora-x509.pem
-Key:       /Users/r0mant/.tsh/keys/root.gravitational.io/r0mant
-```
-
-In MySQL Workbench Setup New Connection dialog, fill out Connection Name, Hostname,
-Port and Username:
+In MySQL Workbench "Setup New Connection" dialog, fill out "Connection Name",
+"Hostname", "Port", and "Username":
 
-![MySQL Workbench Parameters](../../../img/database-access/[email protected])
+![MySQL Workbench
+Parameters](../../../img/database-access/[email protected])
 
-On the SSL tab, set SSL mode to "Require and Verify Identity" and enter paths
-to CA, certificate and private key files from `tsh db config` command:
+In the "SSL" tab, set "Use SSL" to `Require and Verify Identity` and enter paths
+to  your CA, certificate, and private key files from `tsh db config` command:
 
 ![MySQL Workbench SSL](../../../img/database-access/[email protected])
 
-Optionally, click Test Connection to verify connectivity:
+Optionally, click "Test Connection" to verify connectivity:
 
 ![MySQL Workbench Test](../../../img/database-access/[email protected])