[docs] update GCP Cloud SQL database guides #41681
🤖 Vercel preview here: https://docs-kjr7savfi-goteleport.vercel.app/docs/ver/preview
docs/pages/includes/database-access/cloudsql-configure-create.mdx
docs/pages/database-access/enroll-google-cloud-databases/postgres-cloudsql.mdx
docs/pages/includes/database-access/cloudsql_service_account_key.mdx
I don't even think "cloudsql.sslCerts.createEphemeral" permission exists anymore. Top search results for it are our documentation and an angry user's issue specifically about this permission requirement 😅. I looked at the "Cloud SQL Admin" role in our gcp dev account and it doesn't have that permission:

However, the "Cloud SQL Admin" role is required (custom role doesn't work) when client cert is required.

It also looks like our code is a little out of date: teleport/lib/srv/db/cloud/gcp.go Line 50 in 9637086

We use
We should probably update that to use

By the way, our code will swallow the error if the database agent doesn't have permissions to check the ssl settings of the db, so this:
will not be seen in logs or by user. Instead, MySQL will fail because they connect to the wrong port (3306) instead of (3307). I'll open a ticket for these issues
@GavinFrazar See the table below for backport results.
This is a docs only PR that updates our GCP SQL database guides:
install teleport > configure teleport > configure GCP credentials for teleport > start teleport
teleport db configure
equivalent, in a partial just for Cloud SQL databases.

This PR also updates the auth token generation partial (which is used by many other db guides) to:
--format=text
so it only outputs the token itself. When someone is following our guides, they do not need to see the enormous amount of text hints we print normally from that command (I'm going to reduce that text spam in a code PR later btw).