Move Helm deployment guides

Backports #13105 See #12654 The Kubernetes Access section includes guides for using the Kubernetes Service as well as guides for running the Auth and Proxy Service on Kubernetes. This is misleading, since (a) you can run the Auth/Proxy on Kubernetes without using Kubernetes Access and (b) you can use Kubernetes Access without running the Auth/Proxy on Kubernetes. This change focuses on our Helm deployment guides. These guides are not related to the Kubernetes Service, but rather to deploying the Auth Service and Proxy Service on Kubernetes. I've suggested moving these guides to a /setup/helm-deployments section for visibility.
gravitational · Jul 7, 2022 · ae9664d · ae9664d
1 parent d1c0be9
commit ae9664d
Show file tree

Hide file tree

Showing 11 changed files with 129 additions and 100 deletions.
diff --git a/docs/config.json b/docs/config.json
@@ -104,6 +104,32 @@
             }
           ]
         },
+        {
+          "title": "Helm Deployments",
+          "slug": "/setup/helm-deployments/",
+          "entries": [
+            {
+              "title": "AWS EKS Cluster",
+              "slug": "/setup/helm-deployments/aws/"
+            },
+            {
+              "title": "Google Cloud GKE Cluster",
+              "slug": "/setup/helm-deployments/gcp/"
+            },
+            {
+              "title": "DigitalOcean Kubernetes Cluster",
+              "slug": "/setup/helm-deployments/digitalocean/"
+            },
+            {
+              "title": "Customize Deployment Config",
+              "slug": "/setup/helm-deployments/custom/"
+            },
+            {
+              "title": "Migrating From Older Charts",
+              "slug": "/setup/helm-deployments/migration/"
+            }
+          ]
+        },
         {
           "title": "Operations",
           "slug": "/setup/operations/",
@@ -380,32 +406,6 @@
             }
           ]
         },
-        {
-          "title": "Helm Guides",
-          "slug": "/kubernetes-access/helm/guides/",
-          "entries": [
-            {
-              "title": "AWS EKS Cluster",
-              "slug": "/kubernetes-access/helm/guides/aws/"
-            },
-            {
-              "title": "Google Cloud GKE Cluster",
-              "slug": "/kubernetes-access/helm/guides/gcp/"
-            },
-            {
-              "title": "DigitalOcean Kubernetes Cluster",
-              "slug": "/kubernetes-access/helm/guides/digitalocean/"
-            },
-            {
-              "title": "Customize Deployment Config",
-              "slug": "/kubernetes-access/helm/guides/custom/"
-            },
-            {
-              "title": "Migrating From Older Charts",
-              "slug": "/kubernetes-access/helm/guides/migration/"
-            }
-          ]
-        },
         {
           "title": "Helm Chart Reference",
           "slug": "/kubernetes-access/helm/reference/",
@@ -1187,6 +1187,51 @@
       "source": "/application-access/guides/jwt/",
       "destination": "/application-access/jwt/",
       "permanent": true
+    },
+    {
+      "source": "/docs/kubernetes-access/getting-started/agent/",
+      "destination": "/docs/kubernetes-access/getting-started/",
+      "permanent": true
+    },
+    {
+      "source": "/docs/kubernetes-access/getting-started/cluster/",
+      "destination": "/docs/getting-started/kubernetes-cluster/",
+      "permanent": true
+    },
+    {
+      "source": "/docs/kubernetes-access/getting-started/local/",
+      "destination": "/docs/getting-started/local-kubernetes/",
+      "permanent": true
+    },
+    {
+      "source": "/kubernetes-access/helm/guides/",
+      "destination": "/setup/helm-deployments/",
+      "permanent": true
+    },
+    {
+      "source": "/kubernetes-access/helm/guides/aws/",
+      "destination": "/setup/helm-deployments/aws/",
+      "permanent": true
+    },
+    {
+      "source": "/kubernetes-access/helm/guides/custom/",
+      "destination": "/setup/helm-deployments/custom/",
+      "permanent": true
+    },
+    {
+      "source": "/kubernetes-access/helm/guides/digitalocean/",
+      "destination": "/setup/helm-deployments/digitalocean/",
+      "permanent": true
+    },
+    {
+      "source": "/kubernetes-access/helm/guides/gcp/",
+      "destination": "/setup/helm-deployments/gcp/",
+      "permanent": true
+    },
+    {
+      "source": "/kubernetes-access/helm/guides/migration/",
+      "destination": "/setup/helm-deployments/migration/",
+      "permanent": true
     }
   ]
 }
diff --git a/docs/pages/getting-started/docker-compose.mdx b/docs/pages/getting-started/docker-compose.mdx
@@ -146,7 +146,7 @@ Port `443` on the Teleport container is published to the local host, so you can
 - Learn about [Teleport Access Controls](../access-controls/getting-started.mdx).
 - Get started with [Teleport Session Recording](../server-access/guides/bpf-session-recording.mdx).
 - Try out one of our [Database Access Guides](../database-access/guides.mdx).
-- For Kubernetes environments, try out one of our [Helm Guides](../kubernetes-access/helm/guides.mdx).
+- For Kubernetes environments, try out one of our [Helm Guides](../setup/helm-deployments.mdx).
 
 ## Under the hood
 

diff --git a/docs/pages/kubernetes-access/getting-started/local.mdx b/docs/pages/kubernetes-access/getting-started/local.mdx
@@ -380,7 +380,7 @@ Kubernetes cluster, read our guides to setting up Teleport for Kubernetes in
 production.
 
 - Get started with Teleport on AWS EKS: [Running an HA Teleport cluster using
-  AWS, EKS, and Helm](../helm/guides/aws.mdx)
+  AWS, EKS, and Helm](../setup/helm-deployments/aws.mdx)
 - Manage access to your Kubernetes cluster with the Teleport Kubernetes Service:
   [Connect Kubernetes Cluster to Teleport](./agent.mdx)
 - Integrate Teleport with your SSO provider:

diff --git a/docs/pages/kubernetes-access/helm/reference/teleport-cluster.mdx b/docs/pages/kubernetes-access/helm/reference/teleport-cluster.mdx
@@ -23,9 +23,9 @@ The `teleport-cluster` chart can be deployed in four different modes. Get starte
 | `chartMode` | Guide |
 | - | - |
 | `standalone` | [Getting started with Kubernetes Access](../../../getting-started.mdx) |
-| `aws` | [Running an HA Teleport cluster using an AWS EKS Cluster](../guides/aws.mdx) |
-| `gcp` | [Running an HA Teleport cluster using a Google Cloud GKE cluster](../guides/gcp.mdx) |
-| `custom` | [Running a Teleport cluster with a custom config](../guides/custom.mdx) |
+| `aws` | [Running an HA Teleport cluster using an AWS EKS Cluster](../../../setup/helm-deployments/aws.mdx) |
+| `gcp` | [Running an HA Teleport cluster using a Google Cloud GKE cluster](../../../setup/helm-deployments/gcp.mdx) |
+| `custom` | [Running a Teleport cluster with a custom config](../../../setup/helm-deployments/custom.mdx) |
 
 This reference details available values for the `teleport-cluster` chart.
 
@@ -395,9 +395,9 @@ Teleport's RBAC policies to define access rules for the cluster.
 | `chartMode` | Guide |
 | - | - |
 | `standalone` | [Getting started with Kubernetes Access](../../../getting-started.mdx) |
-| `aws` | [Running an HA Teleport cluster using an AWS EKS Cluster](../guides/aws.mdx) |
-| `gcp` | [Running an HA Teleport cluster using a Google Cloud GKE cluster](../guides/gcp.mdx) |
-| `custom` | [Running a Teleport cluster with a custom config](../guides/custom.mdx) |
+| `aws` | [Running an HA Teleport cluster using an AWS EKS Cluster](../../../setup/helm-deployments/aws.mdx) |
+| `gcp` | [Running an HA Teleport cluster using a Google Cloud GKE cluster](../../../setup/helm-deployments/gcp.mdx) |
+| `custom` | [Running a Teleport cluster with a custom config](../../../setup/helm-deployments/custom.mdx) |
 
 ## `persistence`
 
@@ -479,15 +479,15 @@ You can set `volumeSize` to request a different size of persistent volume when i
 | - | - |
 | ❌ | See [Using DynamoDB](../../../setup/reference/backends.mdx#dynamodb) and [Using Amazon S3](../../../setup/reference/backends.mdx#s3) for details |
 
-`aws` settings are described in the AWS guide: [Running an HA Teleport cluster using an AWS EKS Cluster](../guides/aws.mdx)
+`aws` settings are described in the AWS guide: [Running an HA Teleport cluster using an AWS EKS Cluster](../../../setup/helm-deployments)
 
 ## `gcp`
 
 | Can be used in `custom` mode? | `teleport.yaml` equivalent |
 | - | - |
 | ❌ | See [Using Firestore](../../../setup/reference/backends.mdx#dynamodb) and [Using GCS](../../../setup/reference/backends.mdx#gcs) for details |
 
-`gcp` settings are described in the GCP guide: [Running an HA Teleport cluster using a Google Cloud GKE cluster](../guides/gcp.mdx)
+`gcp` settings are described in the GCP guide: [Running an HA Teleport cluster using a Google Cloud GKE cluster](../../../setup/helm-deployments/gcp.mdx)
 
 ### `highAvailability`
 
@@ -639,7 +639,7 @@ cluster deployed in HA mode.
   You must install and configure `cert-manager` in your Kubernetes cluster yourself.
 
   See the [cert-manager Helm install instructions](https://cert-manager.io/docs/installation/kubernetes/#option-2-install-crds-as-part-of-the-helm-release)
-  and the relevant sections of the [AWS](../guides/aws.mdx#step-4a-install-and-configure-cert-manager-to-handle-tls) and [GCP](../guides/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information.
+  and the relevant sections of the [AWS](../../../setup/helm-deployments/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../../../setup/helm-deployments/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information.
 </Admonition>
 
 ### `highAvailability.certManager.addCommonName`
@@ -654,7 +654,7 @@ Setting `highAvailability.certManager.addCommonName` to `true` will instruct `ce
   You must install and configure `cert-manager` in your Kubernetes cluster yourself.
 
   See the [cert-manager Helm install instructions](https://cert-manager.io/docs/installation/kubernetes/#option-2-install-crds-as-part-of-the-helm-release)
-  and the relevant sections of the [AWS](../guides/aws.mdx#step-4a-install-and-configure-cert-manager-to-handle-tls) and [GCP](../guides/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information.
+  and the relevant sections of the [AWS](../../../setup/helm-deployments/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../../../setup/helm-deployments/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information.
 </Admonition>
 
 <Tabs>
@@ -688,7 +688,7 @@ Sets the name of the `cert-manager` `Issuer` or `ClusterIssuer` to use for issui
   You must install configure an appropriate `Issuer` supporting a DNS01 challenge yourself.
 
   Please see the [cert-manager DNS01 docs](https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers) and the relevant sections
-  of the [AWS](../guides/aws.mdx#step-4a-install-and-configure-cert-manager-to-handle-tls) and [GCP](../guides/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information.
+  of the [AWS](../../../setup/helm-deployments/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../../../setup/helm-deployments/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information.
 </Admonition>
 
 <Tabs>

diff --git a/docs/pages/setup/guides/docker.mdx b/docs/pages/setup/guides/docker.mdx
@@ -215,6 +215,6 @@ root@localhost:~#
 
 ## Next steps
 
-- Try out one of our [Helm Guides](../../kubernetes-access/helm/guides.mdx).
+- Try out one of our [Helm Guides](../../setup/helm-deployments.mdx).
 - Try out one of our [Database Access Guides](../../database-access/guides.mdx).
 - Learn about [Teleport Server Access](../../server-access/introduction.mdx).
diff --git a/docs/pages/kubernetes-access/helm/guides.mdx → docs/pages/setup/helm-deployments.mdx b/docs/pages/kubernetes-access/helm/guides.mdx → docs/pages/setup/helm-deployments.mdx
@@ -4,42 +4,23 @@ description: How to install and configure Teleport in Kubernetes using Helm
 layout: tocless-doc
 ---
 
-## Helm guides
+## Helm deployment guides
 
 These guides show you how to set up a full self-hosted Teleport deployment using
 our `teleport-cluster` Helm chart.
 
 <TileSet>
-    <Tile icon="kubernetes" title="Standalone Teleport Cluster" href="../getting-started.mdx">
-        Getting started with Kubernetes Access
-    </Tile>
-    <Tile icon="kubernetes" title="HA AWS Teleport Cluster" href="./guides/aws.mdx">
+    <Tile icon="kubernetes" title="HA AWS Teleport Cluster" href="./helm-deployments/aws.mdx">
         Running an HA Teleport cluster in Kubernetes using an AWS EKS Cluster
     </Tile>
-    <Tile icon="kubernetes" title="HA GCP Teleport Cluster" href="./guides/gcp.mdx">
+    <Tile icon="kubernetes" title="HA GCP Teleport Cluster" href="./helm-deployments/gcp.mdx">
         Running an HA Teleport cluster in Kubernetes using a Google Cloud GKE cluster
     </Tile>
-    <Tile icon="kubernetes" title="Custom Teleport config" href="./guides/custom.mdx">
+    <Tile icon="kubernetes" title="Custom Teleport config" href="./helm-deployments/custom.mdx">
         Running a Teleport cluster in Kubernetes with a custom Teleport config
     </Tile>
 </TileSet>
 
-## Detailed Helm chart references
-
-<TileSet>
-<Tile href="./reference/teleport-cluster.mdx" icon="kubernetes" title="teleport-cluster">
-
-Deploy the `teleport` daemon on Kubernetes with preset configurations for the
-Auth and Proxy Services and support for any Teleport service configuration.
-
-</Tile>
-<Tile href="./reference/teleport-kube-agent.mdx" icon="kubernetes" title="teleport-kube-agent">
-
-Deploy the Teleport Kubernetes Service, Application Service, or Database Service on Kubernetes.
-
-</Tile>
-</TileSet>
-
 ## Migration Guides
 
 <TileSet>

diff --git a/...ges/kubernetes-access/helm/guides/aws.mdx → docs/pages/setup/helm-deployments/aws.mdx b/...ges/kubernetes-access/helm/guides/aws.mdx → docs/pages/setup/helm-deployments/aws.mdx
@@ -534,8 +534,10 @@ $ helm --namespace cert-manager uninstall cert-manager
 
 ## Next steps
 
-- You can follow our [Getting Started with Teleport guide](../../../setup/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your
+You can follow our [Getting Started with Teleport guide](../guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your
 Teleport cluster.
-- See the [high availability section of our Helm chart reference](../reference/teleport-cluster.mdx#highavailability) for more details on high availability.
-- Read the [`cert-manager` documentation](https://cert-manager.io/docs/).
+
+See the [high availability section of our Helm chart reference](../../kubernetes-access/helm/reference/teleport-cluster.mdx#highavailability) for more details on high availability.
+
+Read the [`cert-manager` documentation](https://cert-manager.io/docs/).
 
diff --git a/.../kubernetes-access/helm/guides/custom.mdx → docs/pages/setup/helm-deployments/custom.mdx b/.../kubernetes-access/helm/guides/custom.mdx → docs/pages/setup/helm-deployments/custom.mdx
@@ -3,7 +3,7 @@ title: Running Teleport with a Custom Configuration using Helm
 description: Install and configure a Teleport cluster with a custom configuration using Helm
 ---
 
-In this guide, we'll go through how to set up a Teleport cluster in Kubernetes using a custom [`teleport.yaml`](../../../setup/reference/config.mdx)
+In this guide, we'll go through how to set up a Teleport cluster in Kubernetes using a custom [`teleport.yaml`](../reference/config.mdx)
 config file using Teleport Helm charts.
 
 This setup can be useful when you already have an existing Teleport cluster and would like to start running it in Kubernetes, or when
@@ -26,7 +26,7 @@ migrating your setup from a legacy version of the Helm charts.
 In `custom` mode, the `teleport-cluster` Helm chart does not create a `ConfigMap` containing a `teleport.yaml` file for you, but
 expects that you will provide this yourself.
 
-For this example, we'll be using this `teleport.yaml` configuration file with a static join token (for more information on join tokens, see [Adding Nodes to the Cluster](../../../setup/admin/adding-nodes.mdx)):
+For this example, we'll be using this `teleport.yaml` configuration file with a static join token (for more information on join tokens, see [Adding Nodes to the Cluster](../admin/adding-nodes.mdx)):
 
 ```code
 $ cat << EOF > teleport.yaml
@@ -217,7 +217,7 @@ $ helm upgrade teleport teleport/teleport-cluster \
 <Admonition type="warning">
   When using `custom` mode, you **must** use highly-available storage (e.g. etcd, DynamoDB, or Firestore) for multiple replicas to be supported.
 
-  [Information on supported Teleport storage backends](../../../architecture/authentication.mdx#storage-back-ends)
+  [Information on supported Teleport storage backends](../../architecture/authentication.mdx#storage-back-ends)
 
   Manually configuring NFS-based storage or `ReadWriteMany` volume claims is **NOT** supported for an HA deployment and will result in errors.
 </Admonition>
@@ -236,5 +236,5 @@ $ helm --namespace teleport uninstall teleport
 
 ## Next steps
 
-You can follow our [Getting Started with Teleport guide](../../../setup/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your
+You can follow our [Getting Started with Teleport guide](../guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your
 Teleport cluster.
diff --git a/...netes-access/helm/guides/digitalocean.mdx → ...s/setup/helm-deployments/digitalocean.mdx b/...netes-access/helm/guides/digitalocean.mdx → ...s/setup/helm-deployments/digitalocean.mdx
@@ -36,13 +36,13 @@ Kubernetes.
 ## Step 1/4. Create a DigitalOcean Kubernetes cluster
 Create a new [DigitalOcean Kubernetes Cluster](https://cloud.digitalocean.com/kubernetes/clusters/)
 <Figure align="left" bordered caption="Create DigitalOcean Kubernetes cluster">
-  ![Create DigitalOcean Kubernetes cluster](../../../../img/helm/digitalocean/create-k8s.png)
+  ![Create DigitalOcean Kubernetes cluster](../../../img/helm/digitalocean/create-k8s.png)
 </Figure>
 
 <br />
 While the Kubernetes cluster is being provisioned, follow the "Getting Started" guide as shown below:
 <Figure align="left" bordered caption="Set up DigitalOcean Kubernetes client">
-  ![Set up DigitalOcean Kubernetes client](../../../../img/helm/digitalocean/setup-k8s.png)
+  ![Set up DigitalOcean Kubernetes client](../../../img/helm/digitalocean/setup-k8s.png)
 </Figure>
 
 
@@ -81,7 +81,7 @@ NAME               TYPE           CLUSTER-IP      EXTERNAL-IP       PORT(S)
 ```
 Once you get the value for the external IP (it may take a few minutes for this field to be populated), update your DNS record such that the clusterName's A record points to this IP address. For example `192.168.200.200` is the external IP in the above case.
 <Figure align="left" bordered caption="Configure DNS">
-  ![Configure DNS](../../../../img/helm/digitalocean/fqdn.png)
+  ![Configure DNS](../../../img/helm/digitalocean/fqdn.png)
 </Figure>
 
 ## Step 3/4. Create and set up Teleport user
@@ -97,7 +97,7 @@ $ kubectl --namespace teleport-cluster exec deploy/teleport-cluster -- tctl user
 
 Copy the link shown after executing the above command and open the link in a web browser to complete the user registration process (the link is `https://tele.teleporters.dev:443/web/invite/<invite-token>` in the above case).
 <Figure align="left" bordered caption="Setup user">
-  ![Setup user](../../../../img/helm/digitalocean/setup-user.png)
+  ![Setup user](../../../img/helm/digitalocean/setup-user.png)
 </Figure>
 
 
@@ -137,12 +137,12 @@ $ kubectl --namespace=teleport-cluster exec -i ${POD?} -- tctl create -f < membe
 Now we will assign Teleport user **tadmin** with this role. The example below shows a process using Teleport Web UI:
 First, lets select user edit menu:
 <Figure align="left" bordered caption="Edit user">
-  ![Edit user](../../../../img/helm/digitalocean/edit-user.png)
+  ![Edit user](../../../img/helm/digitalocean/edit-user.png)
 </Figure>
 
 Second, update the **tadmin** user role to assign the **member** role:
 <Figure align="left" bordered caption="Update role">
-  ![Update role](../../../../img/helm/digitalocean/update-role.png)
+  ![Update role](../../../img/helm/digitalocean/update-role.png)
 </Figure>
 
 We've updated the user **tadmin** to have the **member** role, which is allowed to access a Kubernetes cluster with privilege `system:master`.
@@ -202,12 +202,13 @@ Voila! User **tadmin** was able to list the pods in their DigitalOcean Kubernete
 
 Teleport keeps an audit log of access to a Kubernetes cluster. In the screenshot below, the Teleport audit log shows that the user **tadmin** has logged into the cluster.
 <Figure align="left" bordered caption="View audit log">
-  ![View audit log](../../../../img/helm/digitalocean/view-activity.png)
+  ![View audit log](../../../img/helm/digitalocean/view-activity.png)
 </Figure>
 
 
 ## Next steps
-- [Connect Multiple Kubernetes Clusters](../../guides/multiple-clusters.mdx)
-- [Setup CI/CD Access with Teleport](../../guides/cicd.mdx)
-- [Federated Access using Trusted Clusters](../../guides/federation.mdx)
-- [Single-Sign On and Kubernetes Access Control](../../controls.mdx)
+- [Connect Multiple Kubernetes Clusters](../../kubernetes-access/guides/multiple-clusters.mdx)
+- [Setup CI/CD Access with Teleport](../../kubernetes-access/guides/cicd.mdx)
+- [Federated Access using Trusted Clusters](../../kubernetes-access/guides/federation.mdx)
+- [Single-Sign On and Kubernetes Access Control](../../kubernetes-access/controls.mdx)
+