fix: add back local users to quickstart (#1748)

infrahq · Apr 27, 2022 · 5278f2f · 5278f2f
1 parent 22f302e
commit 5278f2f
Showing 1 changed file with 63 additions and 58 deletions.
diff --git a/docs/getting-started/quickstart.md b/docs/getting-started/quickstart.md
@@ -1,23 +1,19 @@
 # Quickstart
 
-In this quickstart we'll set up Infra to manage single sign-on to Kubernetes.
-
-Follow these steps to install and setup Infra on Kubernetes.
+In this quickstart we'll set up Infra to manage single sign-on to Kubernetes:
+* Install Infra CLI
+* Deploy Infra
+* Connect a Kubernetes cluster
+* Create a user and grant them view (read-only) access to the cluster
 
 ### Prerequisites
 
-To use this quickstart guide you will need `helm` and `kubectl` installed.
-
 * Install [helm](https://helm.sh/docs/intro/install/) (v3+)
 * Install Kubernetes [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) (v1.14+)
-
-You will also need a Kubernetes cluster.
-
+* A Kubernetes cluster. For local testing we recommend [Docker Desktop](https://www.docker.com/products/docker-desktop/)
 
 ### 1. Install Infra CLI
 
-The Infra CLI is used to connect to the Infra server.
-
 <details>
   <summary><strong>macOS</strong></summary>
 
@@ -58,101 +54,110 @@ The Infra CLI is used to connect to the Infra server.
 </details>
 
 
-### 2. Setup an Infra server
+### 2. Deploy Infra
 
-Deploy an Infra server to kubernetes using helm.
+Deploy an Infra to your Kubernetes cluster via `helm`:
 
 ```
 helm repo add infrahq https://helm.infrahq.com/
 helm repo update
 helm install infra infrahq/infra
 ```
 
-Once the Infra server is deployed, login to the server to complete the setup.
+Next, find the hostname for Infra server you just deployed:
 
 ```
-infra login INFRA_URL --skip-tls-verify
+kubectl get service infra-server -o jsonpath="{.status.loadBalancer.ingress[*]['ip', 'hostname']}" -w
 ```
 
-Use the following command to find the Infra login URL. If you are not using a `LoadBalancer` service type, see the [Install on Kubernetes Guide](../install/kubernetes.md) for more information.
+> Note: It may take a few minutes for the LoadBalancer to be provisioned for the Infra server
 
-> Note: It may take a few minutes for the LoadBalancer endpoint to be assigned. You can watch the status of the service with:
-> ```bash
-> kubectl get service infra-server -w
-> ```
+Login to the Infra server using the hostname above and follow the prompt to create your admin account:
 
-```bash
-kubectl get service infra-server -o jsonpath="{.status.loadBalancer.ingress[*]['ip', 'hostname']}"
 ```
-
-Follow the instructions to create an admin account using email and password login.
+infra login <INFRA_SERVER_HOSTNAME> --skip-tls-verify
+```
 
 
 ### 3. Connect your first Kubernetes cluster
 
-In order to add connectors to Infra, you will need to set three pieces of information:
-
-* `connector.config.name` is a name you give to identify this cluster. For the purposes of this Quickstart, the name will be `example-name`
-* `connector.config.server` is the hostname or IP address the connector will use to communicate with the Infra server. This will be the same INFRA_URL value from step 2.
-* `connector.config.accessKey` is the access key the connector will use to communicate with the server. You can use an existing access key or generate a new access key as shown below:
-
-Generate an access key:
+Generate an access key named `key` to connect Kubernetes clusters:
 
 ```
-infra keys add KEY_NAME connector
+infra keys add connector-key connector
 ```
 
-Next, use this access key to connect your first cluster:
+Next, use this access key to connect your first cluster via `helm`. **Note:** this can be the same cluster used to install Infra in step 2.
+
+Prepare your values:
 
-```bash
+* `connector.config.name`: choose a name for this cluster
+* `connector.config.server`: the same hostname used for `infra login`
+* `connector.config.accessKey`: the key created above via `infra keys add`
+
+Install the Infra connector via `helm`:
+
+```
 helm upgrade --install infra-connector infrahq/infra \
-  --set connector.config.server=INFRA_URL \
-  --set connector.config.accessKey=ACCESS_KEY \
-  --set connector.config.name=example-name \
+  --set connector.config.name=example \
+  --set connector.config.server=<INFRA_SERVER_HOSTNAME> \
+  --set connector.config.accessKey=<ACCESS_KEY> \
   --set connector.config.skipTLSVerify=true
 ```
 
+| Note: it may take a few minutes for the cluster to connect. You can verify the connection by running `infra destinations list`
 
-### 4. Use your Kubernetes clusters
+### 4. Add a user and grant access to the cluster
 
-Grant the user Kubernetes cluster administrator privileges.
+Next, add a user:
 
 ```
-infra grants add name@example.com kubernetes.example-name --role cluster-admin
+infra id add user@example.com
 ```
 
-> To view different roles allowed for Kubernetes clusters, see [Kubernetes Roles](../connectors/kubernetes.md#roles)
+| Note: Infra will provide you a one-time password. Please note this password for step 5.
 
-You can now access the connected Kubernetes clusters via your favorite tools directly. Infra in the background automatically synchronizes your Kubernetes configuration file (kubeconfig).
-
-Alternatively, you can switch Kubernetes contexts by using the `infra use` command:
+Grant this user read-only access to the Kubernetes cluster you just connected to Infra:
 
 ```
-infra use kubernetes.example-name
+infra grants add [email protected] kubernetes.example --role view
 ```
 
-<details>
-  <summary><strong>Here are some other commands to get you started</strong></summary><br />
+### 5. Login as the example user and access the cluster:
+
+Use the one-time password in the previous step to log in as the user. You'll be prompted to change the user's password since it's this new user's first time logging in.
 
-See the cluster(s) you have access to:
 ```
-infra list
+infra login <INFRA_SERVER_HOSTNAME> --skip-tls-verify
 ```
-See the cluster(s) connected to Infra:
+
+Next, view this user's cluster access. You should see the user has `view` access to the `example` cluster connected above:
+
 ```
-infra destinations list
+infra list
 ```
-See who has access to what via Infra:
+
+Lastly, switch to this Kubernetes cluster and verify the user's access:
+
 ```
-infra grants list
+infra use kubernetes.example
 
-Note: this requires the user to have the admin role within Infra.
+# Works since the user has view access
+kubectl get pods -A
 
-An example to grant the permission:
-infra grants add [email protected] infra --role admin
+# Does not work
+kubectl create namespace test-namespace
 ```
-</details>
 
-### 5. Share the cluster(s) with other developers
+Congratulations, you've:
+* Installed Infra
+* Connected your first cluster
+* Created a user and granted them `view` access to the cluster
+
+### Next Steps
+
+* [Connect Okta](../guides/identity-providers/okta.md) to onboard & offboard your team automatically
+* [Manage & revoke access](../guides/granting-access.md) to users or groups
+* [Understand Kubernetes roles](../connectors/kubernetes.md#roles) for understand different access levels Infra supports for Kubernetes
+* [Customize your install](../install/install-on-kubernetes.md)
 
-To share access with Infra, developers will need to install Infra CLI, and be provided the login URL. If using local users, please share the one-time password.