WebSocket handshake: Unexpected response code: 400 in kubernetes-ingress

9/26/2018

Facing this issue if I am connecting to ingress for web socket service failed: Error during WebSocket handshake: Unexpected response code: 400

Ingress YAML

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: websocket-producer-cdph
spec:
  rules:
    host: some.domain.com
      http:
        paths:
          path: "/"
          backend:
            serviceName: websocket-producer-cdph
            servicePort: 8183
status:
loadBalancer:
ingress:
{}

Service YAML

kind: Service
apiVersion: v1
metadata:
  name: websocket-producer-cdph
spec:
  ports:    
    name: ws
    protocol: TCP
    port: 8183
    targetPort: 8183
selector:
  app: websocket-producer-cdph
clusterIP: 10.100.254.99
type: ClusterIP
sessionAffinity: None
status:
loadBalancer:
{}

When I try to listen ws://some.domain.com/ws it's showing Error during WebSocket handshake: Unexpected response code: 400

/ws is the path

But if go and update spec type in service to LoadBalancer, it'll generate an IP 192.168.1.17:8183 and listening to that ws://192.168.1.17:8183/ws its working but I need to expose the URL using ingress so it can be used outside of the network.

I am using the following image for ingress controller:

quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0

How can I create ingress for a web-socket service?

-- Kartik Purohit
kubernetes
kubernetes-ingress
websocket

3 Answers

9/26/2018

You want to add the nginx.org/websocket-services annotation to your ingress resource definition. That, in turn, tells nginx to support websockets (which I believe has to do with the Upgrade/Connection headers?).

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: websocket-producer-cdph
  annotations:
    nginx.org/websocket-services: "websocket-producer-cdph"
spec:
  rules:
  - host: some.domain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: websocket-producer-cdph
          servicePort: 8183
-- samhain1138
Source: StackOverflow

1/1/2019

try add annotationnginx.ingress.kubernetes.io/upstream-hash-by: "$arg_token"

https://github.com/kubernetes/ingress-nginx/issues/2097

-- leonzhao
Source: StackOverflow

9/27/2018

As stated in the nginx-ingress documentation, to proxy WebSocket traffic you should use annotation with the name of websocket service. Don't forget to use quotes:

nginx.org/websocket-services: "service1[,service2,...]"

In this example from the documentation, WebSocket is enabled only for one of three services (ws-svc):

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cafe-ingress
  annotations:
    nginx.org/websocket-services: "ws-svc"
spec:
  rules:
  - host: cafe.example.com
    http:
      paths:
      - path: /tea
        backend:
          serviceName: tea-svc
          servicePort: 80
      - path: /coffee
        backend:
          serviceName: coffee-svc
          servicePort: 80
      - path: /ws
        backend:
          serviceName: ws-svc
          servicePort: 8008
-- VAS
Source: StackOverflow