gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Add support for peer_public_addr #11242

Closed dboslee closed 2 years ago

dboslee commented 2 years ago

What

I think we should split this into a peer_listen_addr and peer_public_addr like other listeners; the address we're listening on is not necessarily the routable address that other proxies should use.

Based on this discussion.

How

This will need to be added to the ServerSpec to be stored in the backend and distributed to peer proxies.

Other _public_addr configuration fields support lists. If we intend to support a list for peer_public_addr the proxy peering client will need to support dialing to the list of addresses and load balancing between them. See grpc/balancer for details on grpc client load balancing.

NajiObeid commented 2 years ago

@dboslee can you remind me why this is necessary?

dboslee commented 2 years ago

> @dboslee can you remind me why this is necessary?

@NajiObeid I think this is mostly to be consistent with how other addresses are configurable in teleport. The use case would be for listening on a specific address with peer_listen_addr: 10.0.0.1:3021 but then setting some domain peer_public_addr: example.teleport.com for peers to dial.

The grpc load balancing comment was just a thought on how it could be implemented. Maybe it's enough to allow a single addr and nothing really needs to change for the proxy peer client.
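
The listen/public split discussed in this thread, as an added example that is not part of the issue and is not Teleport code: a sketch of choosing the address a proxy publishes to its peers. The helper name `advertisedPeerAddr`, the reuse of the listen port when the public address has none, and the rejection of wildcard listen addresses are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// advertisedPeerAddr returns the address a proxy would publish for its peers
// to dial. Hypothetical helper: the name and the fallback rules are
// assumptions for illustration, not Teleport behaviour.
func advertisedPeerAddr(listenAddr, publicAddr string) (string, error) {
	lhost, lport, err := net.SplitHostPort(listenAddr)
	if err != nil {
		return "", fmt.Errorf("peer_listen_addr %q: %w", listenAddr, err)
	}
	if publicAddr != "" {
		// Assumption: a public address given without a port reuses the listen port.
		if _, _, err := net.SplitHostPort(publicAddr); err != nil {
			return net.JoinHostPort(publicAddr, lport), nil
		}
		return publicAddr, nil
	}
	// No public address: the listen address is only usable if peers can route to it.
	if ip := net.ParseIP(lhost); lhost == "" || (ip != nil && ip.IsUnspecified()) {
		return "", errors.New("peer_listen_addr is a wildcard; peers need peer_public_addr")
	}
	return listenAddr, nil
}

func main() {
	// Constructed inputs; the first pair is the one from the comment above.
	for _, c := range [][2]string{
		{"10.0.0.1:3021", "example.teleport.com"},
		{"10.0.0.1:3021", ""},
		{"0.0.0.0:3021", ""},
	} {
		addr, err := advertisedPeerAddr(c[0], c[1])
		fmt.Printf("listen=%q public=%q -> %q err=%v\n", c[0], c[1], addr, err)
	}
}
```

The wildcard case is the one where publishing the listen address would hand peers something they cannot dial, which is the situation the issue describes.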