From b6b268f2605b02f4d6516f3d56e41e3a4c6a9706 Mon Sep 17 00:00:00 2001 From: William Loy Date: Wed, 19 Feb 2025 11:29:20 -0600 Subject: [PATCH 1/4] GCP LB timeout recommendation When customers use the default GCP LB timeout value of 30 seconds, agents disconnect due to the Teleport keepalive_interval being higher by default. --- docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx index 24ed2c6fcac79..e4a0dd99d3c70 100644 --- a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx +++ b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx @@ -117,6 +117,10 @@ storage: Load Balancing is required for Proxy and SSH traffic. Use `TCP Load Balancing` as Teleport requires custom ports for SSH and Web Traffic. +GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth service default keepalive interval of 300 seconds or decrease the Teleport ```keep_alive_interval``` to be lower than the GCP timeout value. + +Please reference the [Teleport Auth Configuration](https://goteleport.com/docs/reference/config/#auth-service) documentation for additional details. + ### Network Services: Cloud DNS Cloud DNS is used to set up the public URL of the Teleport Proxy. From 8e0d431a144d0ac85abb7cb721570900beba8e47 Mon Sep 17 00:00:00 2001 From: William Loy Date: Wed, 12 Mar 2025 09:16:02 -0500 Subject: [PATCH 2/4] Update docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx Co-authored-by: Paul Gottschling --- docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx index e4a0dd99d3c70..e2434fa539a80 100644 --- a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx +++ b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx @@ -119,7 +119,7 @@ Teleport requires custom ports for SSH and Web Traffic. GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth service default keepalive interval of 300 seconds or decrease the Teleport ```keep_alive_interval``` to be lower than the GCP timeout value. -Please reference the [Teleport Auth Configuration](https://goteleport.com/docs/reference/config/#auth-service) documentation for additional details. +Please reference the [Teleport Auth Service Configuration](https://goteleport.com/docs/reference/config/#auth-service) documentation for additional details. ### Network Services: Cloud DNS From 5cda6095baf3959549d30c38c1ff46ec81295e75 Mon Sep 17 00:00:00 2001 From: William Loy Date: Wed, 12 Mar 2025 09:16:12 -0500 Subject: [PATCH 3/4] Update docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx Co-authored-by: Paul Gottschling --- docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx index e2434fa539a80..65e5842be4443 100644 --- a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx +++ b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx @@ -117,7 +117,7 @@ storage: Load Balancing is required for Proxy and SSH traffic. Use `TCP Load Balancing` as Teleport requires custom ports for SSH and Web Traffic. -GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth service default keepalive interval of 300 seconds or decrease the Teleport ```keep_alive_interval``` to be lower than the GCP timeout value. +GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth Service default keepalive interval of 300 seconds or decrease the Teleport `keep_alive_interval` to be lower than the GCP timeout value. Please reference the [Teleport Auth Service Configuration](https://goteleport.com/docs/reference/config/#auth-service) documentation for additional details. From 81ab9fe822facc362fb01d540f2e186c2e6beb96 Mon Sep 17 00:00:00 2001 From: William Loy Date: Wed, 12 Mar 2025 13:49:36 -0500 Subject: [PATCH 4/4] Update gcp.mdx --- .../pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx index 65e5842be4443..d79c08dc838be 100644 --- a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx +++ b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx @@ -114,10 +114,10 @@ storage: ### Network Services: Load Balancing -Load Balancing is required for Proxy and SSH traffic. Use `TCP Load Balancing` as -Teleport requires custom ports for SSH and Web Traffic. -GCP sets a default Load Balancer timeout of 30 seconds. You should either increase this to be longer than the Teleport Auth Service default keepalive interval of 300 seconds or decrease the Teleport `keep_alive_interval` to be lower than the GCP timeout value. +Load Balancing is required for Proxy and SSH traffic. It is recommended to use `TCP Load Balancing` to support custom ports for SSH and Web Traffic. + +If you must use an L7 Load Balancer solution, please reference the [TLS Routing for Layer 7 Load Balancers](https://goteleport.com/docs/reference/architecture/tls-routing/#working-with-layer-7-load-balancers-or-reverse-proxies) documentation. Please reference the [Teleport Auth Service Configuration](https://goteleport.com/docs/reference/config/#auth-service) documentation for additional details.