Add a local Getting Started guide for Kubernetes #10620
Conversation
First off, thanks to @ptgott for putting this improvement to documentation together. I'm just getting started with Teleport, so a guide showing me how to run locally is a big help. There is some discrepancy between the guide and usage. Perhaps this is because I'm running minikube in a VBOX? The one I have found so far has to do with If this is ultimately due to running in a VBOX, I'd be happy to test or contribute anything back.

The 10.x.x.x is internal. The 192.168.59.100 is my VBOX NET.

EDIT: Here is the routing information from the minikube VM (while the tunnel is active).

With the way routing is changed when the tunnel is active, I am able to access the k8s dashboard directly from my host machine. When I do attempt to access it through the Teleport launch, then after a timeout period I get "INTERNAL SERVER ERROR".
I was able to go through the guide and everything worked correctly with Docker as the minikube driver. Left one small suggestion.
Reviewed guide text:

> ```
> https://teleport-cluster.teleport-cluster.svc.cluster.local:443/web/invite/<token>
> ```
>
> Next, open a browser at `https://localhost:443/web/invite/<token>`, copying the
The original URL (https://teleport-cluster.teleport-cluster.svc.cluster.local:443/web/invite/<token>) worked for me just fine, so maybe we can skip mentioning localhost here and just advise visiting the URL above?
@bearrito @probakowski Thanks a lot for reviewing this! I've made some changes in response to your feedback.

@r0mant @zmb3 @xinding33 would one of you have time to review this? Thanks!
I left some comments with a few nits but this is an awesome guide. Great job!
Reviewed guide text:

> The **Teleport Auth Service** is the certificate authority for your cluster. It
> issues certificates and conducts authentication challenges. The **Teleport Proxy
> Service** is the cluster frontend, and handles user requests, forwards user
> credentials to the Auth Service, and communicates with other Teleport
> instances—called **Nodes**—that enable access to your infrastructure.
Since this is effectively a list anyway, what do you think of reformatting using list items?
Reviewed guide text:

> credentials to the Auth Service, and communicates with other Teleport
> instances—called **Nodes**—that enable access to your infrastructure.
>
> In our demo, one Node is a pod that runs Teleport's Application Service to
What's the "Application Service" referenced here? Can we be more specific?

Also, since the next sentence talks about "a second pod..." I think we should just say something along the lines of the following. Suggested change, replacing

> In our demo, one Node is a pod that runs Teleport's Application Service to

with

> We will be running two pods for this demo. The first pod runs...
I wrote this back when I was mistakenly using "Node" to refer to individual resource services. I've edited the wording.
Reviewed guide text:

> application to create your user.
>
> <Details title="Don't want to use MFA in your local demo?" opened={false}>
> We recommend requiring a second factor for all Teleport users. However, for
Suggested change, replacing

> We recommend requiring a second factor for all Teleport users. However, for

with

> We recommend requiring MFA for all Teleport users in production. However, for
Reviewed guide text:

> ```
> ...
> ```
>
> Copy the join token so you can assign it to `JOIN_TOKEN` below, then launch the
Since we use the terminology "invite token" in the code block above, I suggest we stick with that here. Suggested change, replacing

> Copy the join token so you can assign it to `JOIN_TOKEN` below, then launch the

with

> Copy the invite token so you can assign it to `JOIN_TOKEN` below, then launch the
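For the pod that consumes `JOIN_TOKEN`, the script below renders an app-only Teleport configuration. It is an added example, not the guide's own manifest and not a file from the Teleport project. It assumes the Proxy is reachable in-cluster as `teleport-cluster.teleport-cluster.svc.cluster.local:443` (the host of the invite URL quoted earlier in this thread) and that Kubernetes Dashboard is the upstream chart's `kubernetes-dashboard` Service in the `kubernetes-dashboard` namespace; both are assumptions and can be overridden through environment variables.

```shell
#!/bin/sh
# Added example, not the guide's manifest nor a Teleport project file: an
# app-only teleport.yaml for the pod that joins with JOIN_TOKEN. Assumed names
# (override via environment): the Proxy address and the Dashboard Service URI.
PROXY_ADDR="${PROXY_ADDR:-teleport-cluster.teleport-cluster.svc.cluster.local:443}"
DASHBOARD_URI="${DASHBOARD_URI:-https://kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local}"

# A join token is a bearer credential: refuse empty or whitespace-damaged
# values here rather than discovering a mangled token as a join failure later.
valid_join_token() {
  [ -n "$1" ] || return 1
  case "$1" in *[[:space:]]*) return 1 ;; esac
  return 0
}

# Emit the configuration on stdout. Every role except app_service is disabled,
# so this instance can do nothing but proxy the dashboard.
render_app_config() {
  tok="$1"
  if ! valid_join_token "$tok"; then
    echo "render_app_config: JOIN_TOKEN is empty or malformed" >&2
    return 1
  fi
  cat <<EOF
teleport:
  nodename: kubernetes-dashboard-app
  auth_token: "$tok"
  auth_servers:
    - $PROXY_ADDR
  log:
    output: stderr
    severity: INFO
auth_service:
  enabled: no
proxy_service:
  enabled: no
ssh_service:
  enabled: no
app_service:
  enabled: yes
  apps:
    - name: kubernetes-dashboard
      uri: $DASHBOARD_URI
      # Demo only: the Dashboard serves a self-signed certificate. Drop this
      # in any real deployment and trust the issuing CA instead.
      insecure_skip_verify: true
EOF
}

# Usage: JOIN_TOKEN=<token from "tctl tokens add --type=app"> sh render.sh > teleport.yaml
if [ -n "$JOIN_TOKEN" ]; then
  render_app_config "$JOIN_TOKEN"
fi
```

The token lets anything holding it enrol as an App Service instance, so issue it with a short TTL (for example `tctl tokens add --type=app --ttl=15m`), hand it to the pod through an environment variable or Secret rather than baking it into an image, and keep `insecure_skip_verify` confined to the local demo.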
I tested the rest of the guide. It worked great.
I did have to launch the Teleport dashboard in Safari rather than Chromium 99.0.4844.88 though when using the self-signed cert. Chromium gave an error and refused to load the page, and there was no place to add an exception (though there may have been some hidden hotkey I could have pressed to allow it - I forget if this is a thing in Chrome).
I think you have an include about insecure pages already though.
Our current Getting Started guides for Teleport on Kubernetes assume that readers are deploying resources to the cloud. Some users may want to get started quickly without, say, asking another team for permission to deploy a DNS zone. These users can then read our cloud-focused guides when it comes time to develop a proof of concept or use Teleport in production. Hopefully, this guide will expand the range of security-minded engineers who can get early firsthand experience with Teleport.

This guide sets up Teleport on minikube and uses the App Service to access Kubernetes Dashboard. Because Kubernetes Dashboard is not initially accessible outside the cluster, this guide shows you how you can access it securely via Teleport without using `kubectl proxy`. We can also consider expanding this guide later on to introduce the Teleport Kubernetes Service or more sophisticated RBAC rules.

Also worth noting that while this change adds a new tile to /docs/pages/kubernetes-access/getting-started.mdx, it does not add a new tile image. We can consider creating a new one or using the current one.

Fixes #9359
I've made it more explicit that the minikube Docker driver is required for the demo. I have also added a row to the required software table that includes Docker Desktop/Docker Engine. I've tested this on my Linux desktop, and modified commands to support Docker Engine as well as Docker Desktop (i.e., "minikube tunnel" exposes a private IP address besides 127.0.0.1 for the load balancer). Also made a couple of minor tweaks, and removed the mention of localhost in relation to the Web UI.
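The routing question raised at the top of this thread and the 127.0.0.1 versus private-address behaviour of `minikube tunnel` described in the comment above can be checked from the host before opening the Web UI. The script below is an added example, not code from the guide or the Teleport repository. It assumes the Helm release and namespace are both named `teleport-cluster` (the host in the invite URL quoted in this thread) and that the Proxy is exposed by a `LoadBalancer` Service on port 443, which is the object `minikube tunnel` assigns an address to; the `kubectl` output it parses here is a constructed sample.

```shell
#!/bin/sh
# Added diagnostic for the "minikube tunnel" step; not part of the guide or of
# Teleport. Assumptions: Service "teleport-cluster" in namespace
# "teleport-cluster" is of type LoadBalancer and serves the Proxy on port 443.
SVC_NAME="${SVC_NAME:-teleport-cluster}"
SVC_NAMESPACE="${SVC_NAMESPACE:-teleport-cluster}"

# Constructed sample of "kubectl get svc ... -o json", trimmed to the fields
# that matter here; a real document is larger but has the same shape.
SAMPLE_SVC_JSON='{"metadata":{"name":"teleport-cluster"},"spec":{"type":"LoadBalancer","ports":[{"port":443}]},"status":{"loadBalancer":{"ingress":[{"ip":"192.168.49.2"}]}}}'

# Print the first ingress IP under status.loadBalancer, or nothing when the
# tunnel has not assigned one. Reads the JSON document on stdin; no jq needed.
lb_ingress_ip() {
  tr -d '\n' | sed -n 's/.*"loadBalancer"[^}]*"ingress"[^]]*"ip" *: *"\([0-9.]*\)".*/\1/p'
}

# Classify the address the host is expected to use. Docker Desktop puts the
# tunnel on loopback; Docker Engine on Linux hands out a private address.
classify_ingress() {
  case "$1" in
    "")                                                    echo "no-ingress" ;;
    127.0.0.1)                                             echo "loopback" ;;
    10.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|192.168.*)  echo "private" ;;
    *)                                                     echo "other" ;;
  esac
}

# Read the Service JSON on stdin and report whether the Proxy should be
# reachable from the host. Returns non-zero when it cannot be.
diagnose_tunnel() {
  ip=$(lb_ingress_ip)
  case "$(classify_ingress "$ip")" in
    loopback)
      echo "Proxy reachable at https://127.0.0.1:443 (Docker Desktop style tunnel)" ;;
    private)
      echo "Proxy reachable at https://$ip:443 (Docker Engine style tunnel)" ;;
    no-ingress)
      echo "no ingress IP on $SVC_NAME: run 'minikube tunnel' in another terminal and retry" >&2
      return 1 ;;
    *)
      echo "unexpected ingress IP '$ip': check the minikube driver with 'minikube profile list'" >&2
      return 1 ;;
  esac
}

# Live usage (needs kubectl and a running tunnel):
#   kubectl get svc "$SVC_NAME" -n "$SVC_NAMESPACE" -o json | diagnose_tunnel
# Offline demonstration on the constructed sample:
printf '%s' "$SAMPLE_SVC_JSON" | diagnose_tunnel
```

If the Service never gets an ingress address, the tunnel is not running or the cluster was created with a driver the guide does not cover; an address outside the loopback and private ranges is a sign the wrong profile or driver is in use, which is the situation the first comment in this thread describes.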
Backports #10620

* Add a local Getting Started guide for Kubernetes

  Our current Getting Started guides for Teleport on Kubernetes assume that readers are deploying resources to the cloud. Some users may want to get started quickly without, say, asking another team for permission to deploy a DNS zone. These users can then read our cloud-focused guides when it comes time to develop a proof of concept or use Teleport in production. Hopefully, this guide will expand the range of security-minded engineers who can get early firsthand experience with Teleport.

  This guide sets up Teleport on minikube and uses the App Service to access Kubernetes Dashboard. Because Kubernetes Dashboard is not initially accessible outside the cluster, this guide shows you how you can access it securely via Teleport without using `kubectl proxy`. We can also consider expanding this guide later on to introduce the Teleport Kubernetes Service or more sophisticated RBAC rules.

  Also worth noting that while this change adds a new tile to /docs/pages/kubernetes-access/getting-started.mdx, it does not add a new tile image. We can consider creating a new one or using the current one.

  Fixes #9359

* Respond to PR feedback

  I've made it more explicit that the minikube Docker driver is required for the demo. I have also added a row to the required software table that includes Docker Desktop/Docker Engine. I've tested this on my Linux desktop, and modified commands to support Docker Engine as well as Docker Desktop (i.e., "minikube tunnel" exposes a private IP address besides 127.0.0.1 for the load balancer). Also made a couple of minor tweaks, and removed the mention of localhost in relation to the Web UI.

* Add Details for troubleshooting minikube tunnel

* Ignore the dead link checker for a localhost link
* Add a local Getting Started guide for Kubernetes

  Our current Getting Started guides for Teleport on Kubernetes assume that readers are deploying resources to the cloud. Some users may want to get started quickly without, say, asking another team for permission to deploy a DNS zone. These users can then read our cloud-focused guides when it comes time to develop a proof of concept or use Teleport in production. Hopefully, this guide will expand the range of security-minded engineers who can get early firsthand experience with Teleport.

  This guide sets up Teleport on minikube and uses the App Service to access Kubernetes Dashboard. Because Kubernetes Dashboard is not initially accessible outside the cluster, this guide shows you how you can access it securely via Teleport without using `kubectl proxy`. We can also consider expanding this guide later on to introduce the Teleport Kubernetes Service or more sophisticated RBAC rules.

  Also worth noting that while this change adds a new tile to /docs/pages/kubernetes-access/getting-started.mdx, it does not add a new tile image. We can consider creating a new one or using the current one.

  Fixes #9359

* Respond to PR feedback

  I've made it more explicit that the minikube Docker driver is required for the demo. I have also added a row to the required software table that includes Docker Desktop/Docker Engine. I've tested this on my Linux desktop, and modified commands to support Docker Engine as well as Docker Desktop (i.e., "minikube tunnel" exposes a private IP address besides 127.0.0.1 for the load balancer). Also made a couple of minor tweaks, and removed the mention of localhost in relation to the Web UI.

* Address PR feedback

* Add Details for troubleshooting minikube tunnel

* Ignore the dead link checker for a localhost link