From ff5c40633c7dbe77f2f0c82c317b9ed515707509 Mon Sep 17 00:00:00 2001 From: Paul Gottschling Date: Thu, 23 Jun 2022 11:25:27 -0400 Subject: [PATCH] Move Helm deployment guides Backports #13105 See #12654 The Kubernetes Access section includes guides for using the Kubernetes Service as well as guides for running the Auth and Proxy Service on Kubernetes. This is misleading, since (a) you can run the Auth/Proxy on Kubernetes without using Kubernetes Access and (b) you can use Kubernetes Access without running the Auth/Proxy on Kubernetes. This change focuses on our Helm deployment guides. These guides are not related to the Kubernetes Service, but rather to deploying the Auth Service and Proxy Service on Kubernetes. I've suggested moving these guides to a /setup/helm-deployments section for visibility. --- docs/config.json | 84 +++++++++++++------ docs/pages/getting-started/docker-compose.mdx | 2 +- .../getting-started/local-kubernetes.mdx | 2 +- .../helm/reference/teleport-cluster.mdx | 22 ++--- docs/pages/setup/guides/docker.mdx | 2 +- .../guides.mdx => setup/helm-deployments.mdx} | 29 ++----- .../guides => setup/helm-deployments}/aws.mdx | 4 +- .../helm-deployments}/custom.mdx | 8 +- .../helm-deployments}/digitalocean.mdx | 23 ++--- .../guides => setup/helm-deployments}/gcp.mdx | 38 ++++----- .../helm-deployments}/migration.mdx | 0 11 files changed, 113 insertions(+), 101 deletions(-) rename docs/pages/{kubernetes-access/helm/guides.mdx => setup/helm-deployments.mdx} (53%) rename docs/pages/{kubernetes-access/helm/guides => setup/helm-deployments}/aws.mdx (98%) rename docs/pages/{kubernetes-access/helm/guides => setup/helm-deployments}/custom.mdx (95%) rename docs/pages/{kubernetes-access/helm/guides => setup/helm-deployments}/digitalocean.mdx (89%) rename docs/pages/{kubernetes-access/helm/guides => setup/helm-deployments}/gcp.mdx (91%) rename docs/pages/{kubernetes-access/helm/guides => setup/helm-deployments}/migration.mdx (100%) 
diff --git a/docs/config.json b/docs/config.json
index 990c0005a0dfc..c31ec82335b46 100644
--- a/docs/config.json
+++ b/docs/config.json
@@ -112,6 +112,32 @@
 }
 ]
 },
+ {
+ "title": "Helm Deployments",
+ "slug": "/setup/helm-deployments/",
+ "entries": [
+ {
+ "title": "AWS EKS Cluster",
+ "slug": "/setup/helm-deployments/aws/"
+ },
+ {
+ "title": "Google Cloud GKE Cluster",
+ "slug": "/setup/helm-deployments/gcp/"
+ },
+ {
+ "title": "DigitalOcean Kubernetes Cluster",
+ "slug": "/setup/helm-deployments/digitalocean/"
+ },
+ {
+ "title": "Customize Deployment Config",
+ "slug": "/setup/helm-deployments/custom/"
+ },
+ {
+ "title": "Migrating From Older Charts",
+ "slug": "/setup/helm-deployments/migration/"
+ }
+ ]
+ },
 {
 "title": "Operations",
 "slug": "/setup/operations/",
@@ -378,32 +404,6 @@
 }
 ]
 },
- {
- "title": "Helm Guides",
- "slug": "/kubernetes-access/helm/guides/",
- "entries": [
- {
- "title": "AWS EKS Cluster",
- "slug": "/kubernetes-access/helm/guides/aws/"
- },
- {
- "title": "Google Cloud GKE Cluster",
- "slug": "/kubernetes-access/helm/guides/gcp/"
- },
- {
- "title": "DigitalOcean Kubernetes Cluster",
- "slug": "/kubernetes-access/helm/guides/digitalocean/"
- },
- {
- "title": "Customize Deployment Config",
- "slug": "/kubernetes-access/helm/guides/custom/"
- },
- {
- "title": "Migrating From Older Charts",
- "slug": "/kubernetes-access/helm/guides/migration/"
- }
- ]
- },
 {
 "title": "Helm Chart Reference",
 "slug": "/kubernetes-access/helm/reference/",
@@ -1234,6 +1234,36 @@
 "source": "/getting-started/digitalocean/",
 "destination": "/setup/deployments/digitalocean/",
 "permanent": true
+ },
+ {
+ "source": "/kubernetes-access/helm/guides/",
+ "destination": "/setup/helm-deployments/",
+ "permanent": true
+ },
+ {
+ "source": "/kubernetes-access/helm/guides/aws/",
+ "destination": "/setup/helm-deployments/aws/",
+ "permanent": true
+ },
+ {
+ "source": "/kubernetes-access/helm/guides/custom/",
+ "destination": "/setup/helm-deployments/custom/",
+ "permanent": true
+ },
+ {
+ "source": "/kubernetes-access/helm/guides/digitalocean/",
+ "destination": "/setup/helm-deployments/digitalocean/",
+ "permanent": true
+ },
+ {
+ "source": "/kubernetes-access/helm/guides/gcp/",
+ "destination": "/setup/helm-deployments/gcp/",
+ "permanent": true
+ },
+ {
+ "source": "/kubernetes-access/helm/guides/migration/",
+ "destination": "/setup/helm-deployments/migration/",
+ "permanent": true
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/docs/pages/getting-started/docker-compose.mdx b/docs/pages/getting-started/docker-compose.mdx
index 8869d6065ce9a..b432b1ba136f3 100644
--- a/docs/pages/getting-started/docker-compose.mdx
+++ b/docs/pages/getting-started/docker-compose.mdx
@@ -146,7 +146,7 @@ Port `443` on the Teleport container is published to the local host, so you can
 - Learn about [Teleport Access Controls](../access-controls/getting-started.mdx).
 - Get started with [Teleport Session Recording](../server-access/guides/bpf-session-recording.mdx).
 - Try out one of our [Database Access Guides](../database-access/guides.mdx).
-- For Kubernetes environments, try out one of our [Helm Guides](../kubernetes-access/helm/guides.mdx).
+- For Kubernetes environments, try out one of our [Helm Guides](../setup/helm-deployments.mdx).
 ## Under the hood
diff --git a/docs/pages/getting-started/local-kubernetes.mdx b/docs/pages/getting-started/local-kubernetes.mdx
index 7f309b5d8eeda..e489eb0a5fb99 100644
--- a/docs/pages/getting-started/local-kubernetes.mdx +++ b/docs/pages/getting-started/local-kubernetes.mdx @@ -380,7 +380,7 @@ Kubernetes cluster, read our guides to setting up Teleport for Kubernetes in production. - Get started with Teleport on AWS EKS: [Running an HA Teleport cluster using - AWS, EKS, and Helm](../kubernetes-access/helm/guides/aws.mdx) + AWS, EKS, and Helm](../setup/helm-deployments/aws.mdx) - Manage access to your Kubernetes cluster with the Teleport Kubernetes Service: [Connect Kubernetes Cluster to Teleport](../kubernetes-access/getting-started.mdx) - Integrate Teleport with your SSO provider: diff --git a/docs/pages/kubernetes-access/helm/reference/teleport-cluster.mdx b/docs/pages/kubernetes-access/helm/reference/teleport-cluster.mdx index 11830c6185591..1e03381817002 100644 --- a/docs/pages/kubernetes-access/helm/reference/teleport-cluster.mdx +++ b/docs/pages/kubernetes-access/helm/reference/teleport-cluster.mdx @@ -23,9 +23,9 @@ The `teleport-cluster` chart can be deployed in four different modes. Get starte | `chartMode` | Guide | | - | - | | `standalone` | [Getting started with Kubernetes Access](../../../getting-started.mdx) | -| `aws` | [Running an HA Teleport cluster using an AWS EKS Cluster](../guides/aws.mdx) | -| `gcp` | [Running an HA Teleport cluster using a Google Cloud GKE cluster](../guides/gcp.mdx) | -| `custom` | [Running a Teleport cluster with a custom config](../guides/custom.mdx) | +| `aws` | [Running an HA Teleport cluster using an AWS EKS Cluster](../../../setup/helm-deployments/aws.mdx) | +| `gcp` | [Running an HA Teleport cluster using a Google Cloud GKE cluster](../../../setup/helm-deployments/gcp.mdx) | +| `custom` | [Running a Teleport cluster with a custom config](../../../setup/helm-deployments/custom.mdx) | This reference details available values for the `teleport-cluster` chart. 
@@ -395,9 +395,9 @@ Teleport's RBAC policies to define access rules for the cluster. | `chartMode` | Guide | | - | - | | `standalone` | [Getting started with Kubernetes Access](../../../getting-started.mdx) | -| `aws` | [Running an HA Teleport cluster using an AWS EKS Cluster](../guides/aws.mdx) | -| `gcp` | [Running an HA Teleport cluster using a Google Cloud GKE cluster](../guides/gcp.mdx) | -| `custom` | [Running a Teleport cluster with a custom config](../guides/custom.mdx) | +| `aws` | [Running an HA Teleport cluster using an AWS EKS Cluster](../../../setup/helm-deployments/aws.mdx) | +| `gcp` | [Running an HA Teleport cluster using a Google Cloud GKE cluster](../../../setup/helm-deployments/gcp.mdx) | +| `custom` | [Running a Teleport cluster with a custom config](../../../setup/helm-deployments/custom.mdx) | ## `persistence` @@ -479,7 +479,7 @@ You can set `volumeSize` to request a different size of persistent volume when i | - | - | | ❌ | See [Using DynamoDB](../../../setup/reference/backends.mdx#dynamodb) and [Using Amazon S3](../../../setup/reference/backends.mdx#s3) for details | -`aws` settings are described in the AWS guide: [Running an HA Teleport cluster using an AWS EKS Cluster](../guides/aws.mdx) +`aws` settings are described in the AWS guide: [Running an HA Teleport cluster using an AWS EKS Cluster](../../../setup/helm-deployments) ## `gcp` @@ -487,7 +487,7 @@ You can set `volumeSize` to request a different size of persistent volume when i | - | - | | ❌ | See [Using Firestore](../../../setup/reference/backends.mdx#dynamodb) and [Using GCS](../../../setup/reference/backends.mdx#gcs) for details | -`gcp` settings are described in the GCP guide: [Running an HA Teleport cluster using a Google Cloud GKE cluster](../guides/gcp.mdx) +`gcp` settings are described in the GCP guide: [Running an HA Teleport cluster using a Google Cloud GKE cluster](../../../setup/helm-deployments/gcp.mdx) ### `highAvailability` 
@@ -639,7 +639,7 @@ cluster deployed in HA mode. You must install and configure `cert-manager` in your Kubernetes cluster yourself. See the [cert-manager Helm install instructions](https://cert-manager.io/docs/installation/kubernetes/#option-2-install-crds-as-part-of-the-helm-release) - and the relevant sections of the [AWS](../guides/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../guides/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information. + and the relevant sections of the [AWS](../../../setup/helm-deployments/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../../../setup/helm-deployments/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information. ### `highAvailability.certManager.addCommonName` @@ -654,7 +654,7 @@ Setting `highAvailability.certManager.addCommonName` to `true` will instruct `ce You must install and configure `cert-manager` in your Kubernetes cluster yourself. See the [cert-manager Helm install instructions](https://cert-manager.io/docs/installation/kubernetes/#option-2-install-crds-as-part-of-the-helm-release) - and the relevant sections of the [AWS](../guides/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../guides/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information. + and the relevant sections of the [AWS](../../../setup/helm-deployments/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../../../setup/helm-deployments/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information. 
@@ -688,7 +688,7 @@ Sets the name of the `cert-manager` `Issuer` or `ClusterIssuer` to use for issui You must install configure an appropriate `Issuer` supporting a DNS01 challenge yourself. Please see the [cert-manager DNS01 docs](https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers) and the relevant sections - of the [AWS](../guides/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../guides/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information. + of the [AWS](../../../setup/helm-deployments/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../../../setup/helm-deployments/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information. diff --git a/docs/pages/setup/guides/docker.mdx b/docs/pages/setup/guides/docker.mdx index e5e73a792d341..53c16bfd61313 100644 --- a/docs/pages/setup/guides/docker.mdx +++ b/docs/pages/setup/guides/docker.mdx @@ -215,6 +215,6 @@ root@localhost:~# ## Next steps -- Try out one of our [Helm Guides](../../kubernetes-access/helm/guides.mdx). +- Try out one of our [Helm Guides](../../setup/helm-deployments.mdx). - Try out one of our [Database Access Guides](../../database-access/guides.mdx). - Learn about [Teleport Server Access](../../server-access/introduction.mdx). diff --git a/docs/pages/kubernetes-access/helm/guides.mdx b/docs/pages/setup/helm-deployments.mdx similarity index 53% rename from docs/pages/kubernetes-access/helm/guides.mdx rename to docs/pages/setup/helm-deployments.mdx index 150a091fbe813..cec6edad405e0 100644 --- a/docs/pages/kubernetes-access/helm/guides.mdx +++ b/docs/pages/setup/helm-deployments.mdx 
@@ -4,47 +4,28 @@ description: How to install and configure Teleport in Kubernetes using Helm layout: tocless-doc --- -## Helm guides +## Helm deployment guides These guides show you how to set up a full self-hosted Teleport deployment using our `teleport-cluster` Helm chart. - - Getting started with Kubernetes Access - - + Running an HA Teleport cluster in Kubernetes using an AWS EKS Cluster - + Running an HA Teleport cluster in Kubernetes using a Google Cloud GKE cluster - + Running a Teleport cluster in Kubernetes with a custom Teleport config -## Detailed Helm chart references - - - - -Deploy the `teleport` daemon on Kubernetes with preset configurations for the -Auth and Proxy Services and support for any Teleport service configuration. - - - - -Deploy the Teleport Kubernetes Service, Application Service, or Database Service on Kubernetes. - - - - ## Migration Guides diff --git a/docs/pages/kubernetes-access/helm/guides/aws.mdx b/docs/pages/setup/helm-deployments/aws.mdx similarity index 98% rename from docs/pages/kubernetes-access/helm/guides/aws.mdx rename to docs/pages/setup/helm-deployments/aws.mdx index 5fcb39f05229e..832b9e60f4f5e 100644 --- a/docs/pages/kubernetes-access/helm/guides/aws.mdx +++ b/docs/pages/setup/helm-deployments/aws.mdx 
@@ -535,10 +535,10 @@ $ helm --namespace cert-manager uninstall cert-manager ## Next steps -You can follow our [Getting Started with Teleport guide](../../../setup/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your +You can follow our [Getting Started with Teleport guide](../guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your Teleport cluster. -See the [high availability section of our Helm chart reference](../reference/teleport-cluster.mdx#highavailability) for more details on high availability. +See the [high availability section of our Helm chart reference](../../kubernetes-access/helm/reference/teleport-cluster.mdx#highavailability) for more details on high availability. Read the [`cert-manager` documentation](https://cert-manager.io/docs/). diff --git a/docs/pages/kubernetes-access/helm/guides/custom.mdx b/docs/pages/setup/helm-deployments/custom.mdx similarity index 95% rename from docs/pages/kubernetes-access/helm/guides/custom.mdx rename to docs/pages/setup/helm-deployments/custom.mdx index 6db9424517ffc..f0a7c63e3df69 100644 --- a/docs/pages/kubernetes-access/helm/guides/custom.mdx +++ b/docs/pages/setup/helm-deployments/custom.mdx @@ -3,7 +3,7 @@ title: Running Teleport with a Custom Configuration using Helm description: Install and configure a Teleport cluster with a custom configuration using Helm --- -In this guide, we'll go through how to set up a Teleport cluster in Kubernetes using a custom [`teleport.yaml`](../../../setup/reference/config.mdx) +In this guide, we'll go through how to set up a Teleport cluster in Kubernetes using a custom [`teleport.yaml`](../reference/config.mdx) config file using Teleport Helm charts. This setup can be useful when you already have an existing Teleport cluster and would like to start running it in Kubernetes, or when 
@@ -26,7 +26,7 @@ migrating your setup from a legacy version of the Helm charts. In `custom` mode, the `teleport-cluster` Helm chart does not create a `ConfigMap` containing a `teleport.yaml` file for you, but expects that you will provide this yourself. -For this example, we'll be using this `teleport.yaml` configuration file with a static join token (for more information on join tokens, see [Adding Nodes to the Cluster](../../../setup/admin/adding-nodes.mdx)): +For this example, we'll be using this `teleport.yaml` configuration file with a static join token (for more information on join tokens, see [Adding Nodes to the Cluster](../admin/adding-nodes.mdx)): ```code $ cat << EOF > teleport.yaml @@ -217,7 +217,7 @@ $ helm upgrade teleport teleport/teleport-cluster \ When using `custom` mode, you **must** use highly-available storage (e.g. etcd, DynamoDB, or Firestore) for multiple replicas to be supported. - [Information on supported Teleport storage backends](../../../setup/reference/backends.mdx) + [Information on supported Teleport storage backends](../reference/backends.mdx) Manually configuring NFS-based storage or `ReadWriteMany` volume claims is **NOT** supported for an HA deployment and will result in errors. @@ -236,5 +236,5 @@ $ helm --namespace teleport uninstall teleport ## Next steps -You can follow our [Getting Started with Teleport guide](../../../setup/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your +You can follow our [Getting Started with Teleport guide](../guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your Teleport cluster. diff --git a/docs/pages/kubernetes-access/helm/guides/digitalocean.mdx b/docs/pages/setup/helm-deployments/digitalocean.mdx similarity index 89% rename from docs/pages/kubernetes-access/helm/guides/digitalocean.mdx rename to docs/pages/setup/helm-deployments/digitalocean.mdx index de2577463ef18..309d163b1df7a 100644 
--- a/docs/pages/kubernetes-access/helm/guides/digitalocean.mdx +++ b/docs/pages/setup/helm-deployments/digitalocean.mdx @@ -36,13 +36,13 @@ Kubernetes. ## Step 1/4. Create a DigitalOcean Kubernetes cluster Create a new [DigitalOcean Kubernetes Cluster](https://cloud.digitalocean.com/kubernetes/clusters/)
- ![Create DigitalOcean Kubernetes cluster](../../../../img/helm/digitalocean/create-k8s.png)
+ ![Create DigitalOcean Kubernetes cluster](../../../img/helm/digitalocean/create-k8s.png)

While the Kubernetes cluster is being provisioned, follow the "Getting Started" guide as shown below:
- ![Set up DigitalOcean Kubernetes client](../../../../img/helm/digitalocean/setup-k8s.png)
+ ![Set up DigitalOcean Kubernetes client](../../../img/helm/digitalocean/setup-k8s.png)
@@ -81,7 +81,7 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) ``` Once you get the value for the external IP (it may take a few minutes for this field to be populated), update your DNS record such that the clusterName's A record points to this IP address. For example `192.168.200.200` is the external IP in the above case.
- ![Configure DNS](../../../../img/helm/digitalocean/fqdn.png)
+ ![Configure DNS](../../../img/helm/digitalocean/fqdn.png)
## Step 3/4. Create and set up Teleport user @@ -97,7 +97,7 @@ $ kubectl --namespace teleport-cluster exec deploy/teleport-cluster -- tctl user Copy the link shown after executing the above command and open the link in a web browser to complete the user registration process (the link is `https://tele.teleporters.dev:443/web/invite/` in the above case).
- ![Setup user](../../../../img/helm/digitalocean/setup-user.png)
+ ![Setup user](../../../img/helm/digitalocean/setup-user.png)
@@ -137,12 +137,12 @@ $ kubectl --namespace=teleport-cluster exec -i ${POD?} -- tctl create -f < membe Now we will assign Teleport user **tadmin** with this role. The example below shows a process using Teleport Web UI: First, lets select user edit menu:
- ![Edit user](../../../../img/helm/digitalocean/edit-user.png)
+ ![Edit user](../../../img/helm/digitalocean/edit-user.png)
Second, update the **tadmin** user role to assign the **member** role:
- ![Update role](../../../../img/helm/digitalocean/update-role.png)
+ ![Update role](../../../img/helm/digitalocean/update-role.png)
We've updated the user **tadmin** to have the **member** role, which is allowed to access a Kubernetes cluster with privilege `system:master`. @@ -202,12 +202,13 @@ Voila! User **tadmin** was able to list the pods in their DigitalOcean Kubernete Teleport keeps an audit log of access to a Kubernetes cluster. In the screenshot below, the Teleport audit log shows that the user **tadmin** has logged into the cluster.
- ![View audit log](../../../../img/helm/digitalocean/view-activity.png)
+ ![View audit log](../../../img/helm/digitalocean/view-activity.png)
## Next steps -- [Connect Multiple Kubernetes Clusters](../../guides/multiple-clusters.mdx) -- [Setup CI/CD Access with Teleport](../../guides/cicd.mdx) -- [Federated Access using Trusted Clusters](../../guides/federation.mdx) -- [Single-Sign On and Kubernetes Access Control](../../controls.mdx) +- [Connect Multiple Kubernetes Clusters](../../kubernetes-access/guides/multiple-clusters.mdx) +- [Setup CI/CD Access with Teleport](../../kubernetes-access/guides/cicd.mdx) +- [Federated Access using Trusted Clusters](../../kubernetes-access/guides/federation.mdx) +- [Single-Sign On and Kubernetes Access Control](../../kubernetes-access/controls.mdx) + diff --git a/docs/pages/kubernetes-access/helm/guides/gcp.mdx b/docs/pages/setup/helm-deployments/gcp.mdx similarity index 91% rename from docs/pages/kubernetes-access/helm/guides/gcp.mdx rename to docs/pages/setup/helm-deployments/gcp.mdx index 5bf765307fcd8..b88ded6e85425 100644 --- a/docs/pages/kubernetes-access/helm/guides/gcp.mdx +++ b/docs/pages/setup/helm-deployments/gcp.mdx @@ -43,37 +43,37 @@ Go to the "Roles" section of Google Cloud IAM & Admin. 1. Click the "Create Role" button at the top.
- ![Roles section](../../../../img/helm/gcp/1-roles@1.5x.png)
+ ![Roles section](../../../img/helm/gcp/1-roles@1.5x.png)
2. Fill in the details of a "Storage Bucket Creator" role (we suggest using the name `storage-bucket-creator-role`)
- ![Create role](../../../../img/helm/gcp/2-createrole@1.5x.png)
+ ![Create role](../../../img/helm/gcp/2-createrole@1.5x.png)
3. Click the "Add Permissions" button.
- ![Storage bucket creator role](../../../../img/helm/gcp/3-addpermissions@1.5x.png)
+ ![Storage bucket creator role](../../../img/helm/gcp/3-addpermissions@1.5x.png)
4. Use the "Filter" box to enter `storage.buckets.create` and select it in the list.
- ![Filter the list](../../../../img/helm/gcp/4-storagebucketscreate@1.5x.png)
+ ![Filter the list](../../../img/helm/gcp/4-storagebucketscreate@1.5x.png)
5. Check the `storage.buckets.create` permission in the list and click the "Add" button to add it to the role.
- ![Select storage.buckets.create](../../../../img/helm/gcp/5-select@1.5x.png)
+ ![Select storage.buckets.create](../../../img/helm/gcp/5-select@1.5x.png)
6. Once all these settings are entered successfully, click the "Create" button.
- ![Create role](../../../../img/helm/gcp/6-createrole@1.5x.png)
+ ![Create role](../../../img/helm/gcp/6-createrole@1.5x.png)
### Create an IAM role granting Cloud DNS permissions @@ -83,19 +83,19 @@ Go to the "Roles" section of Google Cloud IAM & Admin. 1. Click the "Create Role" button at the top.
- ![Roles section](../../../../img/helm/gcp/1-roles@1.5x.png)
+ ![Roles section](../../../img/helm/gcp/1-roles@1.5x.png)
2. Fill in the details of a "DNS Updater" role (we suggest using the name `dns-updater-role`)
- ![Create role](../../../../img/helm/gcp/13-dns-createrole@1.5x.png)
+ ![Create role](../../../img/helm/gcp/13-dns-createrole@1.5x.png)
3. Click the "Add Permissions" button.
- ![DNS updater role](../../../../img/helm/gcp/3-addpermissions@1.5x.png)
+ ![DNS updater role](../../../img/helm/gcp/3-addpermissions@1.5x.png)
4. Use the "Filter" box to find each of the following permissions in the list and add it. @@ -115,7 +115,7 @@ dns.managedZones.list 5. Once all these settings are entered successfully, click the "Create" button.
- ![Add DNS permissions](../../../../img/helm/gcp/14-dns-permissions-create@1.5x.png)
+ ![Add DNS permissions](../../../img/helm/gcp/14-dns-permissions-create@1.5x.png)
### Create a service account for the Teleport Helm chart @@ -131,13 +131,13 @@ Go to the "Service Accounts" section of Google Cloud IAM & Admin. 1. Click the "Create Service Account" button at the top.
- ![Create service account](../../../../img/helm/gcp/7-serviceaccounts@1.5x.png)
+ ![Create service account](../../../img/helm/gcp/7-serviceaccounts@1.5x.png)
2. Enter details for the service account (we recommend using the name `teleport-helm`) and click the "Create" button.
- ![Enter service account details](../../../../img/helm/gcp/8-createserviceaccount@1.5x.png)
+ ![Enter service account details](../../../img/helm/gcp/8-createserviceaccount@1.5x.png)
3. In the "Grant this service account access to project" section, add these four roles: @@ -151,7 +151,7 @@ Go to the "Service Accounts" section of Google Cloud IAM & Admin. | Storage Object Viewer | Allows reading of Google Cloud storage objects |
- ![Add roles](../../../../img/helm/gcp/9-addroles@1.5x.png)
+ ![Add roles](../../../img/helm/gcp/9-addroles@1.5x.png)
4. Click the "continue" button to save these settings, then click the "create" button to create the service account. @@ -163,20 +163,20 @@ Go back to the "Service Accounts" view in Google Cloud IAM & Admin. 1. Click on the `teleport-helm` service account that you just created.
- ![Click on the service account](../../../../img/helm/gcp/10-serviceaccountdetails@1.5x.png)
+ ![Click on the service account](../../../img/helm/gcp/10-serviceaccountdetails@1.5x.png)
2. Click the "Keys" tab at the top and click "Add Key". Choose "JSON" and click "Create".
- ![Create JSON key](../../../../img/helm/gcp/11-createkey.png)
+ ![Create JSON key](../../../img/helm/gcp/11-createkey.png)
3. The JSON private key will be downloaded to your computer. Take note of the filename (`bens-demos-24150b1a0a7f.json` in this example) as you will need it shortly.
- ![Private key saved](../../../../img/helm/gcp/12-privatekey@1.5x.png)
+ ![Private key saved](../../../img/helm/gcp/12-privatekey@1.5x.png)
@@ -413,7 +413,7 @@ To make changes to your Teleport cluster after deployment, you can use `helm upg Helm defaults to using the latest version of the chart available in the repo, which will also correspond to the latest version of Teleport. You can make sure that the repo is up to date by running `helm repo update`. -If you want to use a different version of Teleport, set the [`teleportVersionOverride`](../reference/teleport-cluster.mdx#teleportversionoverride) value. +If you want to use a different version of Teleport, set the [`teleportVersionOverride`](../../kubernetes-access/helm/reference/teleport-cluster.mdx#teleportversionoverride) value. Here's an example where we set the chart to use 3 replicas: @@ -464,8 +464,8 @@ $ helm --namespace cert-manager uninstall cert-manager ## Next steps -You can follow our [Getting Started with Teleport guide](../../../setup/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your +You can follow our [Getting Started with Teleport guide](../guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your Teleport cluster. -See the [high availability section of our Helm chart reference](../reference/teleport-cluster.mdx#highavailability) for more details on high availability. +See the [high availability section of our Helm chart reference](../../kubernetes-access/helm/reference/teleport-cluster.mdx#highavailability) for more details on high availability. diff --git a/docs/pages/kubernetes-access/helm/guides/migration.mdx b/docs/pages/setup/helm-deployments/migration.mdx similarity index 100% rename from docs/pages/kubernetes-access/helm/guides/migration.mdx rename to docs/pages/setup/helm-deployments/migration.mdx