I'm trying to expose some services using WebSockets on DigitalOcean Kubernetes using Ambassador and DO LoadBalancer.
When exposing WebSocket service directly using LoadBalancer it works (I can connect to it).
But when Trying o route it trough Ambassador it doesn't. At this point I don't know if I missconfigured something or there is an bug in Ambassador.
When testing with Ambassdor samples for HTTP routing it worked, but there is zero documentation about using WebSockets.
Here is configuration for all relevelant pieces:
Ambassador RBAC:
---
apiVersion: v1
kind: Service
metadata:
labels:
service: ambassador-admin
name: ambassador-admin
spec:
type: NodePort
ports:
- name: ambassador-admin
port: 8877
targetPort: 8877
selector:
service: ambassador
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: ambassador
rules:
- apiGroups: [""]
resources:
- services
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources:
- configmaps
verbs: ["create", "update", "patch", "get", "list", "watch"]
- apiGroups: [""]
resources:
- secrets
verbs: ["get", "list", "watch"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ambassador
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: ambassador
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ambassador
subjects:
- kind: ServiceAccount
name: ambassador
namespace: default
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: ambassador
spec:
replicas: 3
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
service: ambassador
spec:
serviceAccountName: ambassador
containers:
- name: ambassador
image: quay.io/datawire/ambassador:0.40.0
resources:
limits:
cpu: 1
memory: 400Mi
requests:
cpu: 200m
memory: 100Mi
env:
- name: AMBASSADOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: admin
containerPort: 8877
- name: websocket1
containerPort: 8010
- name: websocket2
containerPort: 8011
livenessProbe:
httpGet:
path: /ambassador/v0/check_alive
port: 8877
initialDelaySeconds: 30
periodSeconds: 3
readinessProbe:
httpGet:
path: /ambassador/v0/check_ready
port: 8877
initialDelaySeconds: 30
periodSeconds: 3
restartPolicy: AlwaysAmbassador service:
---
apiVersion: v1
kind: Service
metadata:
name: ambassador
spec:
type: LoadBalancer
ports:
- port: 80
name: http
- port: 8010
name: websocket1
- port: 8011
name: websocket2
selector:
service: ambassadorWebsocket Pod:
---
apiVersion: v1
kind: Pod
metadata:
name: web-socket-test
labels:
app: web-socket-test
spec:
containers:
- name: web-socket-test
image: ksdn117/web-socket-test
ports:
- containerPort: 8010
- containerPort: 31448
- containerPort: 8011
- containerPort: 31057websocket service:
---
apiVersion: v1
kind: Service
metadata:
name: web-socket-test
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: web-socket-test_mapping
prefix: /web-socket-test/
service: web-socket-test
use_websocket: True
spec:
selector:
app: web-socket-test
ports:
- protocol: TCP
port: 8011
targetPort: 31057
name: websocket1
- protocol: TCP
port: 31057
targetPort: 8010
name: websocket2