Convert the Trusted Clusters guide to a tutorial (and edit for different scopes) #10708
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
from
df22110 to
6c015cc
Compare
ulysseskan
reviewed
Mar 8, 2022
ulysseskan
reviewed
Mar 9, 2022
ulysseskan
reviewed
Mar 9, 2022
ulysseskan
reviewed
Mar 9, 2022
ulysseskan
reviewed
Mar 11, 2022
ulysseskan
reviewed
Mar 11, 2022
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
from
6c015cc to
506b5f8
Compare
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
2 times, most recently
from
df50c14 to
68236c8
Compare
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
2 times, most recently
from
8795dac to
9f70eed
Compare
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
2 times, most recently
from
2a9b39c to
ba32aa6
Compare
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
2 times, most recently
from
3166c27 to
0054cce
Compare
zmb3
reviewed
Apr 12, 2022
|
|
||
| ## Introduction | ||
| If you have a large number of devices on different networks, such as managed |
There was a problem hiding this comment.
I'm not sure the criteria for using tunneling is "a large number of devices."
Technically, node tunneling consumes more resources than direct dial, so your cluster would better handle a large number of devices if you did not use tunneling.
I would recommend we reword this so that networking is the main driver for tunneling.
Something like:
If your nodes are deployed behind a firewall or otherwise not reachable by the Teleport Proxy Service, you can connect your nodes via Teleport Node Tunneling. Instead of connection to the Auth Service directly, ...
| ## How Trusted Clusters work | ||
|
|
||
| Teleport can partition compute infrastructure into multiple clusters. A cluster | ||
| is a group of Teleport SSH Nodes connected to the cluster's Auth Service, which |
There was a problem hiding this comment.
Suggested change
| is a group of Teleport SSH Nodes connected to the cluster's Auth Service, which | |
| is a group of Teleport resources connected to the cluster's Auth Service, which |
Not sure of term (resources, agents, etc), but let's be clear that a cluster is more than SSH nodes and an Auth Service.
| - Tries to find a local role that maps to the list of principals found in the certificate. | ||
| - Checks if the local role allows the requested identity (UNIX login) to have access. | ||
| - Checks if the local role allows the requested identity (Unix login) to have access. |
There was a problem hiding this comment.
Nit: in the PRs I've reviewed today, we've used all of these interchangeably:
- Unix login
- OS login
- Host login
Should we standardize on a term here?
There was a problem hiding this comment.
I'm not sure we need to have a standard for this unless this is a Teleport-specific technical term. We use logins in user/role resource definitions, but the docs also sometimes use the term outside of that context. I'll add it to my list of possible topics to include in a style guide.
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
from
0054cce to
dc417d1
Compare
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
2 times, most recently
from
7019b0e to
451f720
Compare
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
3 times, most recently
from
d49b6c4 to
c4964c6
Compare
|
Since I need to audit this guide to complete #11841 and this PR has only received one review, I am going to use this branch to make my changes. Turning this into a draft PR until I finish this work. |
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
from
c4964c6 to
be1cc1e
Compare
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
2 times, most recently
from
ed92701 to
300b93e
Compare
ptgott
changed the title
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
from
300b93e to
4da03a4
Compare
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
from
4da03a4 to
782e81f
Compare
zmb3
approved these changes
Jun 3, 2022
See #10633 - Misc style/grammar/clarity tweaks - Turn the Teleport Node Tunneling Admonition into a Details box so it can be invisible for Cloud users. In Cloud, Nodes must connect via Node Tunneling. - Use Tabs components to add Cloud versions of CLI commands - Only show the static join token method for self-hosted users via Tabs - Use a Details box to show content relevant only for Enterprise and Cloud users - Remove an Admonition that was duplicated in the Troubleshooting section
See: #11841 The Trusted Clusters guide is organized as a conceptual introduction, with configuration/command snippets used as illustrations. To make this guide easier to follow, I have structured it as a step-by-step tutorial where a user should be able to copy each command/config snippet on their own environment, establish trust between clusters, and connect to a remote Node. Some more specific changes: - Remove Details box re: Node Tunneling: This isn't strictly relevant to Trusted Clusters, so removing it shortens and simplifies what is quite a long guide. - Make "How Trusted Clusters work" more concise and add the information to the introduction. - Move long explanatory passages into Details boxes. Eventually, it would be great to split this guide into multiple guides that explain different topics in more depth (e.g., a section of the docs devoted to Trusted Clusters). For now, this is the quickest way to organize conceptual information without detracting from the tutorial structure.
ptgott
force-pushed
the
paul.gottschling/10633-setup-cloud-2
branch
from
782e81f to
1ba5103
Compare
ptgott
added a commit
that referenced
this pull request
Jun 7, 2022
Backports #10708 * Edit the Trusted Clusters guide for Cloud See #10633 - Misc style/grammar/clarity tweaks - Turn the Teleport Node Tunneling Admonition into a Details box so it can be invisible for Cloud users. In Cloud, Nodes must connect via Node Tunneling. - Use Tabs components to add Cloud versions of CLI commands - Only show the static join token method for self-hosted users via Tabs - Use a Details box to show content relevant only for Enterprise and Cloud users - Remove an Admonition that was duplicated in the Troubleshooting section * Respond to PR feedback * Address PR feedback * Turn the Trusted Clusters guide into a tutorial See: #11841 The Trusted Clusters guide is organized as a conceptual introduction, with configuration/command snippets used as illustrations. To make this guide easier to follow, I have structured it as a step-by-step tutorial where a user should be able to copy each command/config snippet on their own environment, establish trust between clusters, and connect to a remote Node. Some more specific changes: - Remove Details box re: Node Tunneling: This isn't strictly relevant to Trusted Clusters, so removing it shortens and simplifies what is quite a long guide. - Make "How Trusted Clusters work" more concise and add the information to the introduction. - Move long explanatory passages into Details boxes. Eventually, it would be great to split this guide into multiple guides that explain different topics in more depth (e.g., a section of the docs devoted to Trusted Clusters). For now, this is the quickest way to organize conceptual information without detracting from the tutorial structure.
This was referenced Jun 7, 2022
ptgott
added a commit
that referenced
this pull request
Jun 22, 2022
Backports #10708 * Edit the Trusted Clusters guide for Cloud See #10633 - Misc style/grammar/clarity tweaks - Turn the Teleport Node Tunneling Admonition into a Details box so it can be invisible for Cloud users. In Cloud, Nodes must connect via Node Tunneling. - Use Tabs components to add Cloud versions of CLI commands - Only show the static join token method for self-hosted users via Tabs - Use a Details box to show content relevant only for Enterprise and Cloud users - Remove an Admonition that was duplicated in the Troubleshooting section * Respond to PR feedback * Address PR feedback * Turn the Trusted Clusters guide into a tutorial See: #11841 The Trusted Clusters guide is organized as a conceptual introduction, with configuration/command snippets used as illustrations. To make this guide easier to follow, I have structured it as a step-by-step tutorial where a user should be able to copy each command/config snippet on their own environment, establish trust between clusters, and connect to a remote Node. Some more specific changes: - Remove Details box re: Node Tunneling: This isn't strictly relevant to Trusted Clusters, so removing it shortens and simplifies what is quite a long guide. - Make "How Trusted Clusters work" more concise and add the information to the introduction. - Move long explanatory passages into Details boxes. Eventually, it would be great to split this guide into multiple guides that explain different topics in more depth (e.g., a section of the docs devoted to Trusted Clusters). For now, this is the quickest way to organize conceptual information without detracting from the tutorial structure.
ptgott
added a commit
that referenced
this pull request
Jun 22, 2022
Convert the Trusted Clusters guide to a tutorial Backports #10708 * Edit the Trusted Clusters guide for Cloud See #10633 - Misc style/grammar/clarity tweaks - Turn the Teleport Node Tunneling Admonition into a Details box so it can be invisible for Cloud users. In Cloud, Nodes must connect via Node Tunneling. - Use Tabs components to add Cloud versions of CLI commands - Only show the static join token method for self-hosted users via Tabs - Use a Details box to show content relevant only for Enterprise and Cloud users - Remove an Admonition that was duplicated in the Troubleshooting section * Respond to PR feedback * Address PR feedback * Turn the Trusted Clusters guide into a tutorial See: #11841 The Trusted Clusters guide is organized as a conceptual introduction, with configuration/command snippets used as illustrations. To make this guide easier to follow, I have structured it as a step-by-step tutorial where a user should be able to copy each command/config snippet on their own environment, establish trust between clusters, and connect to a remote Node. Some more specific changes: - Remove Details box re: Node Tunneling: This isn't strictly relevant to Trusted Clusters, so removing it shortens and simplifies what is quite a long guide. - Make "How Trusted Clusters work" more concise and add the information to the introduction. - Move long explanatory passages into Details boxes. Eventually, it would be great to split this guide into multiple guides that explain different topics in more depth (e.g., a section of the docs devoted to Trusted Clusters). For now, this is the quickest way to organize conceptual information without detracting from the tutorial structure.
ptgott
added a commit
that referenced
this pull request
Jun 22, 2022
* Edit the Trusted Clusters guide for Cloud See #10633 - Misc style/grammar/clarity tweaks - Turn the Teleport Node Tunneling Admonition into a Details box so it can be invisible for Cloud users. In Cloud, Nodes must connect via Node Tunneling. - Use Tabs components to add Cloud versions of CLI commands - Only show the static join token method for self-hosted users via Tabs - Use a Details box to show content relevant only for Enterprise and Cloud users - Remove an Admonition that was duplicated in the Troubleshooting section * Respond to PR feedback * Address PR feedback * Turn the Trusted Clusters guide into a tutorial See: #11841 The Trusted Clusters guide is organized as a conceptual introduction, with configuration/command snippets used as illustrations. To make this guide easier to follow, I have structured it as a step-by-step tutorial where a user should be able to copy each command/config snippet on their own environment, establish trust between clusters, and connect to a remote Node. Some more specific changes: - Remove Details box re: Node Tunneling: This isn't strictly relevant to Trusted Clusters, so removing it shortens and simplifies what is quite a long guide. - Make "How Trusted Clusters work" more concise and add the information to the introduction. - Move long explanatory passages into Details boxes. Eventually, it would be great to split this guide into multiple guides that explain different topics in more depth (e.g., a section of the docs devoted to Trusted Clusters). For now, this is the quickest way to organize conceptual information without detracting from the tutorial structure.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See #10633
box so it can be invisible for Cloud users. In Cloud, Nodes
must connect via Node Tunneling.
via Tabs
and Cloud users
section