GCP LB timeout recommendation #52312

Open
wants to merge 4 commits into
base: master

WilliamLoy
Contributor

When customers use the default GCP LB timeout value of 30 seconds, agents disconnect due to the Teleport keepalive_interval being higher by default.

github-actions bot added the documentation, no-changelog, and size/sm labels Feb 19, 2025

github-actions bot commented Feb 19, 2025

Amplify deployment status

| Branch | Commit | Job ID | Status | Preview | Updated (UTC) |
| --- | --- | --- | --- | --- | --- |
| williamloy/gcp-lb-timeout | 81ab9fe | 4 | ❌FAILED | williamloy-gcp-lb-timeout | 2025-03-12 18:55:52 |

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
@@ -117,6 +117,10 @@ storage:
Load Balancing is required for Proxy and SSH traffic. Use `TCP Load Balancing` as
Teleport requires custom ports for SSH and Web Traffic.

GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth Service default keepalive interval of 300 seconds or decrease the Teleport `keep_alive_interval` to be lower than the GCP timeout value.
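
Review bot: The sentence added after the `TCP Load Balancing` paragraph does not say which GCP load balancer type the 30-second default applies to, even though the preceding context lines tell the reader to use TCP load balancing; name the load balancer type and the GCP setting to change. The Teleport setting is spelled `keep_alive_interval` here but `keepalive_interval` in the PR description, so use one spelling throughout and state which section of the Teleport configuration it belongs to. The sentence would also read better split into its two options: raise the load balancer timeout above 300 seconds, or lower the keepalive interval below the load balancer timeout.
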
Contributor

This information is incomplete and not true in most cases.

AFAIK GCP does not have a concept of timeout for Passthrough TCP/UDP LBs, not for Proxy TCP/UDP LBs. The 30 second timeout is only on Application LBs (L7/HTTP) and varies based on the target type (target pool vs NEG).

The guide instructs users to use L4 LBs so they should not have to set the timeout (and I don't even think it's possible to set the L4 LB timeout in GCP).

Contributor Author

I made revisions that I believe avoid inaccurate information while still informing the reader that L7 is an available option.
