From 8a80bcfcc37bee94f15f77a8da3db7bd68a03bd8 Mon Sep 17 00:00:00 2001 From: Manuel Alejandro de Brito Fontes Date: Tue, 25 Aug 2020 23:35:50 -0400 Subject: [PATCH] Update NLB idle timeout information --- deploy/static/provider/aws/deploy.yaml | 1 - docs/deploy/index.md | 12 ++++-------- hack/generate-deploy-scripts.sh | 4 ---- 3 files changed, 4 insertions(+), 13 deletions(-) diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 3cb8186d6..02acfbe50 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -274,7 +274,6 @@ kind: Service metadata: annotations: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60' service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' service.beta.kubernetes.io/aws-load-balancer-type: nlb labels: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 4f8cba927..0ebc51873 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -100,16 +100,12 @@ kubectl apply -f deploy-tls-termination.yaml ##### NLB Idle Timeouts -In some scenarios users will need to modify the value of the NLB idle timeout. Users need to ensure the idle timeout is less than the [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) that is configured for NGINX. +Idle timeout values for TCP flows is 350 seconds and [cannot be modified](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout). + +For this reason, you need to ensure the [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) configured value is less than 350 seconds to work as expected. + By default NGINX `keepalive_timeout` is set to `75s`. -The default NLB idle timeout works for most scenarios, unless the NGINX [keepalive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) has been modified, in which case the annotation - -`service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` value must be modified to ensure it is less than the configured `keepalive_timeout`. - -!!! note "" - An idle timeout of `3600` is recommended when using WebSockets - More information with regards to timeouts for can be found in the [official AWS documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout) #### GCE-GKE diff --git a/hack/generate-deploy-scripts.sh b/hack/generate-deploy-scripts.sh index b3577b8d9..53cf85cd4 100755 --- a/hack/generate-deploy-scripts.sh +++ b/hack/generate-deploy-scripts.sh @@ -75,10 +75,6 @@ controller: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" service.beta.kubernetes.io/aws-load-balancer-type: nlb service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default, - # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be - # increased to '3600' to avoid any potential issues. - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" EOF echo "${NAMESPACE_VAR}