【发布时间】:2020-08-27 00:47:09
【问题描述】:
我们尝试使用 nginx-ingress 控制器在 Kubernetes 集群上实现 WebSocket。
ingress.yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/proxy-read-timeout: "7200"
ingress.kubernetes.io/proxy-send-timeout: "7200"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
generation: 2
labels:
app: websocket
app.kubernetes.io/managed-by: Helm
chart: websocket-0.2.2693
release: websocket
name: websocket
namespace: %NAME_SPACE%
spec:
rules:
- host: %HOST_NAME%
http:
paths:
- backend:
serviceName: websocket
servicePort: 443
path: /
- backend:
serviceName: websocket
servicePort: 443
path: /socket.io
status:
loadBalancer:
ingress:
- ip: X.X.X.X
- ip: Y.Y.Y.Y
service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: websocket
meta.helm.sh/release-namespace: %NAME_SPACE%
creationTimestamp: "2020-04-27T20:58:28Z"
labels:
app: websocket
app.kubernetes.io/managed-by: Helm
chart: websocket-0.2.2723
release: websocket
name: websocket
namespace: %NAME_SPACE%
resourceVersion: "2916073"
selfLink: /api/v1/namespaces/%NAME_SPACE%/services/websocket
uid: e4c08a00-6824-4e16-a3fa-cace0c9be519
spec:
clusterIP: 10.0.3.45
ports:
- name: websocket
port: 443
protocol: TCP
targetPort: 443
selector:
app: websocket
release: websocket
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
deployment.yaml:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "16"
meta.helm.sh/release-name: websocket
labels:
app: websocket
release: websocket
name: websocket
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 5
selector:
matchLabels:
app: websocket
release: websocket
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
spec:
containers:
image: %NAME_SPACE%.azurecr.io/websocket:2723
imagePullPolicy: Always
name: websocket
ports:
- containerPort: 443
name: websocket
protocol: TCP
resources:
limits:
cpu: 1500m
memory: 1Gi
requests:
cpu: 250m
memory: 64Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
从 nginx-ingress pod 获取日志时,我们注意到状态码是 101,这意味着它正在工作。
kubectl logs %POD_NAME% -n nginx-ingress --since 1m | grep websocket
输出:
[11/May/2020:12:47:29 +0000] "GET /socket.io/?EIO=3&transport=websocket HTTP/1.1" 101 91
但是,客户端返回500:
Error during WebSocket handshake: Unexpected response code: 500
连接自动关闭。
我熟悉以下线程,但没有一个对我有用:
https://gist.github.com/jsdevtom/7045c03c021ce46b08cb3f41db0d76da#file-ingress-service-yaml
https://github.com/kubernetes/ingress-nginx/issues/3746
任何帮助将不胜感激。
【问题讨论】:
-
支持websockets is provided by NGINX out of the box,您使用的是哪个云提供商? LB 和 NGINX 之间的协议是什么? TCP?
-
@willrof - Azure - TCP。是的,我知道 WebSocket 支持开箱即用,但没有一个对我有用。看起来握手正在客户端上。
-
您是否可以尝试使用this example 中提到的图像来确认这不是云 TCP 负载均衡器中的问题?我正在考虑如何使用 HTTPS websocket 进行复制。你能为这个 https 套接字提供部署/svc yamls 吗?这会很有帮助。
-
@willrof 用部署和服务更新我的问题
-
感谢您的信息,但由于您的私有 docker 映像,我无法真正测试它,我建议您尝试直接通过 api 访问服务:
kubectl port-forward -n %NAME_SPACE% service/websocket 7000:443并检查开发人员工具中的请求并查看 http 请求和 ws 连接,因为它看起来像 https 后端问题,请提供来自开发控制台的屏幕。另外,您使用的是网络负载均衡器(L4)吗?
标签: nginx kubernetes websocket kubernetes-ingress nginx-ingress