gravitational
EKS Discovery auto-enroll flow assumes user knowledge
Expected behavior:
Teleport would provide more of a guided exp:
- Create a token to use
- Provide any information on required tools
- Show how to install Teleport or create a ECS discovery service
This might be the first time a user goes to enroll a resource in Teleport. Assuming they can do all this can be too much.
Current behavior:
The all enroll for EKS requires a user to have tctl available. There is no pre-req or info where to get tctl
This also assume a user knows how to install Teleport. There is no pre-req to having a Linux machine or how to install Teleport on that machine.
Bug details:
- Teleport version: 15.3.1
- Recreation steps
- Enroll EKS in Access Mgmt
- Go to Enroll EKS Cluster step
~~The UI also doesn't tell you that you need to add an IAM role to the instance running the discovery_service, which is step 1 in the EKS auto-discovery docs: https://goteleport.com/docs/auto-discovery/kubernetes/aws/#step-13-set-up-aws-iam-credentials~~
OK, so you don't actually need an IAM role on your discovery service when you're using an AWS integration. This is because EKS auto-discovery and EKS auto-discovery via Discover are two different things...
