Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GCP LB timeout recommendation #52312

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

GCP LB timeout recommendation #52312

wants to merge 1 commit into from

Conversation

WilliamLoy
Copy link
Contributor

When customers use the default GCP LB timeout value of 30 seconds, agents disconnect due to the Teleport keepalive_interval being higher by default.

@WilliamLoy
GCP LB timeout recommendation
b6b268f 
When customers use the default GCP LB timeout value of 30 seconds, agents disconnect due to the Teleport keepalive_interval being higher by default.
@github-actions github-actions bot added documentation no-changelog Indicates that a PR does not require a changelog entry size/sm labels Feb 19, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 19, 2025
edited
Loading

Amplify deployment status

Branch Commit Job ID Status Preview Updated (UTC)
williamloy/gcp-lb-timeout HEAD 1 ✅SUCCEED williamloy-gcp-lb-timeout 2025-02-19 17:36:23

ptgott
ptgott approved these changes Feb 19, 2025
View reviewed changes
docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx
@@ -117,6 +117,10 @@ storage:
Load Balancing is required for Proxy and SSH traffic. Use `TCP Load Balancing` as
Teleport requires custom ports for SSH and Web Traffic.

GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth service default keepalive interval of 300 seconds or decrease the Teleport ```keep_alive_interval``` to be lower than the GCP timeout value.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth service default keepalive interval of 300 seconds or decrease the Teleport ```keep_alive_interval``` to be lower than the GCP timeout value.
GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth Service default keepalive interval of 300 seconds or decrease the Teleport `keep_alive_interval` to be lower than the GCP timeout value.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would also be more explicit that keep_alive_interval is a configuration field, e.g., indicating that it's a field in the configuration file and specifying which section in the file the field belongs to.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is better if they don't decrease this below 30 seconds because it will cause a high volume of logs so if we can be more opinionated with the language i'd prefer to recommend increasing the LB timeout.

docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx
@@ -117,6 +117,10 @@ storage:
Load Balancing is required for Proxy and SSH traffic. Use `TCP Load Balancing` as
Teleport requires custom ports for SSH and Web Traffic.

GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth service default keepalive interval of 300 seconds or decrease the Teleport ```keep_alive_interval``` to be lower than the GCP timeout value.

Please reference the [Teleport Auth Configuration](https://goteleport.com/docs/reference/config/#auth-service) documentation for additional details.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Please reference the [Teleport Auth Configuration](https://goteleport.com/docs/reference/config/#auth-service) documentation for additional details.
Please reference the [Teleport Auth Service Configuration](https://goteleport.com/docs/reference/config/#auth-service) documentation for additional details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ptgott ptgott ptgott approved these changes

@hugoShaka hugoShaka Awaiting requested review from hugoShaka

@mmcallister mmcallister Awaiting requested review from mmcallister

@r0mant r0mant Awaiting requested review from r0mant

@xinding33 xinding33 Awaiting requested review from xinding33

@zmb3 zmb3 Awaiting requested review from zmb3

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
documentation no-changelog Indicates that a PR does not require a changelog entry size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@WilliamLoy @ptgott