zmb3
commented
2 months ago See also:
-
43103
-
34528
-
23096
-
20676
-
10342
-
5054
Open r0mant opened 2 months ago
zmb3
commented
2 months ago See also:
marcoandredinis
commented
3 weeks ago For SSH Server enrollments
The UI must be changed to have an optional list of labels that should be applied to the teleport.yaml configuration.
If the user adds anything there, the UI must update the token to include those labels as suggestedLabels
Endpoint:
https://github.com/gravitational/teleport/blob/95b8489ab458370437e5823cb5ead0424b655938/lib/web/apiserver.go#L866
When the installer script is fetched, it will include all the suggestedLabels in the teleport.yaml.
Note: the token already has one suggested label teleport.internal/resource-id. It must not be removed because it allows the UI to detect when the agent joins the cluster.
We should probably hide it from the UI.
For database enrollments The UI must be changed to have an optional list of labels when the user adds a database. This is valid for self-hosted and RDS databases.
The UI calls this endpoint https://github.com/gravitational/teleport/blob/95b8489ab458370437e5823cb5ead0424b655938/lib/web/apiserver.go#L889 Which already has the Labels field https://github.com/gravitational/teleport/blob/6614832058d03d90c17c47dfceefe8d2f6e11b44/lib/web/databases.go#L55
For EKS Clusters Backend PR: https://github.com/gravitational/teleport/pull/49420 The frontend must be changed to allow users to send extra labels to the resource that will be created https://github.com/gravitational/teleport/blob/02354f880c65f8a948a512ec8a2f67b9bc093f89/lib/web/integrations_awsoidc.go#L535
For self-hosted Kube Clusters The frontend must be changed to allow the user to optionally include the extra labels
Some of the resource-adding Discover flows do not allow to provide resource labels. This was intentionally omitted when we were originally implementing them but one consistent piece of feedback from SE team is that this leads to high friction during PoV's and is one of the main reasons they don't recommend these flows. Without ability to set resource labels, users have to resort to CLI to edit service config file to update the labels after having deployed it via Discover.