Facing this issue if I am connecting to ingress for web socket service failed: Error during WebSocket handshake: Unexpected response code: 400
Ingress YAML
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: websocket-producer-cdph
spec:
rules:
host: some.domain.com
http:
paths:
path: "/"
backend:
serviceName: websocket-producer-cdph
servicePort: 8183
status:
loadBalancer:
ingress:
{}
Service YAML
kind: Service
apiVersion: v1
metadata:
name: websocket-producer-cdph
spec:
ports:
name: ws
protocol: TCP
port: 8183
targetPort: 8183
selector:
app: websocket-producer-cdph
clusterIP: 10.100.254.99
type: ClusterIP
sessionAffinity: None
status:
loadBalancer:
{}
When I try to listen ws://some.domain.com/ws it's showing Error during WebSocket handshake: Unexpected response code: 400
/ws is the path
But if go and update spec type in service to LoadBalancer, it'll generate an IP 192.168.1.17:8183 and listening to that ws://192.168.1.17:8183/ws its working but I need to expose the URL using ingress so it can be used outside of the network.
I am using the following image for ingress controller:
quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0
How can I create ingress for a web-socket service?
You want to add the nginx.org/websocket-services
annotation to your ingress resource definition. That, in turn, tells nginx to support websockets (which I believe has to do with the Upgrade/Connection headers?).
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: websocket-producer-cdph
annotations:
nginx.org/websocket-services: "websocket-producer-cdph"
spec:
rules:
- host: some.domain.com
http:
paths:
- path: /
backend:
serviceName: websocket-producer-cdph
servicePort: 8183
try add annotationnginx.ingress.kubernetes.io/upstream-hash-by: "$arg_token"
As stated in the nginx-ingress documentation, to proxy WebSocket traffic you should use annotation with the name of websocket service. Don't forget to use quotes:
nginx.org/websocket-services: "service1[,service2,...]"
In this example from the documentation, WebSocket is enabled only for one of three services (ws-svc
):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: cafe-ingress
annotations:
nginx.org/websocket-services: "ws-svc"
spec:
rules:
- host: cafe.example.com
http:
paths:
- path: /tea
backend:
serviceName: tea-svc
servicePort: 80
- path: /coffee
backend:
serviceName: coffee-svc
servicePort: 80
- path: /ws
backend:
serviceName: ws-svc
servicePort: 8008