Azure Kubernetes群集上的Websocket实施错误 [英] Error on Websocket Implementation on Azure Kubernetes Cluster Not working

问题描述

我正在尝试在组织环境中的Azure Kubernetes群集上使websocket服务正常工作. 我现有的环境还具有REST api和Angular应用程序，可通过ssl进行入口. 但是，当我在入口处添加websocket服务时，该服务无法正常工作.

I am trying to make the websocket service work on Azure Kubernetes Cluster on our organization environment. My existing environment also have REST api and Angular application working on ingress with ssl. But when I added the websocket service on the ingress it is not working.

因此，我尝试使用Azure免费订阅首先实现无SSL的相同订阅.对于我的应用程序，我启用了Http路由，并使用了注释addon-http-application-routing.

So, I tried to use Azure Free Subscription to first implement the same WITHOUT SSL. For my applications I enabled Http Routing and using the annotation addon-http-application-routing.

我遇到了错误. 'ws://40.119.7.246/ws'失败:WebSocket握手期间出错:意外的响应代码:404

请帮助验证我在哪里做错了吗?

Please help in validating where I am doing wrong?

下面是配置的详细信息.

Below are the details of the configuration.

Dockerfile

Dockerfile

FROM node:alpine
WORKDIR /app
COPY package*.json /app/
RUN npm install

COPY ./ /app/
RUN npm run build

CMD ["node","./dist/server.js"]

EXPOSE 8010

socketserver.yaml-包含部署和&服务.

socketserver.yaml - Contains Demployment & Service.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: socketserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: socketserver
  template:
    metadata:
      labels:
        app: socketserver
    spec:
      containers:
      - name: socketserver
        image: regkompella.azurecr.io/socketserver:1.0.0
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 8010
      imagePullSecrets:
      - name: regkompella-azurecr-io
---
apiVersion: v1
kind: Service
metadata:
  name: socketserver-svc
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8010
  selector:
    app: socketserver
  type: ClusterIP
---

ingress.yaml

ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: demo-ingress
  annotations:
    kubernetes.io/ingress.class: addon-http-application-routing
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, PUT, POST, DELETE, OPTIONS"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/proxy-body-size: 10m
    nginx.ingress.kubernetes.io/websocket-services: socketserver-svc
    nginx.org/websocket-services: socketserver-svc
spec:
  rules:
  - host: demosocket.com
  - http:
      paths:
      - path: /
        backend:
          serviceName: angular-application-svc
          servicePort: 80
      - path: /ws
        backend:
          serviceName: socketserver-svc
          servicePort: 80

推荐答案

在阅读了很多文章并引用了一些github论坛之后(在下面添加了引用的文章).我说到做到两点后，我的websocket实现就开始工作了.我不确定这是否是正确的方法.我纯粹通过跟踪和错误方法实现了该解决方案.因此，我要求每个有足够了解的人，请提出是否有更好的方法来解决我的问题.一定要紧紧握住我的脚步.

After reading through a lot of articles and referring some of the github forums (Added referenced articles below). I come to a point where my websocket implementation started working after doing the two things. I am not sure yet if, this is the right way to do it or not. I achieved to this solution purely on trail and error method. Hence, I request everyone who have good grasp, kindly suggest if there is a better way to solve my problem. Always take my steps with a pinch of salt.

1. 通过链接安装了NGINX Ingress控制器.
>

1. Installed the NGINX Ingress controller from the link.

当我使用Azure Kubernetes Services时，我从文档中应用了以下yaml.

As I am using Azure Kubernetes Services, I applied the below yaml from the document.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml

1. 接下来，我对服务的演示记录配置进行了必要的更改.

我知道kubernetes.io/ingress.class:addon-http-application-routing注释不支持websocketing.因此，必须将其禁用.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: demo-ingress
  annotations:
    # this one annotation is making the websocket work.
    nginx.ingress.kubernetes.io/websocket-services: socketserver-svc

    # this one I left as-is. And not playing any role for this websocket 
    # implementation to work
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, PUT, POST, DELETE, OPTIONS"

    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/proxy-body-size: 10m

    # I thought sticky session is also required for websocket to work. But seems 
    # this has no effect after I installed nginx ingress controller.
    # so disabled all the below annotations also.

    #nginx.org/websocket-services: socketserver-svc
    #nginx.ingress.kubernetes.io/affinity: cookie
    #nginx.ingress.kubernetes.io/affinity-mode: balanced
    #nginx.ingress.kubernetes.io/session-cookie-samesite: Strict
    #kubernetes.io/ingress.class: nginx
    #kubernetes.io/ingress.class: addon-http-application-routing

spec:
  rules:
  - host: demosocket.com
  - http:
      paths:
      - path: /ws
        backend:
          serviceName: socketserver-svc
          servicePort: 80

1. 我试图通过公共IP地址进行访问.而且我可以成功发送和接收消息.

ws://52.188.38.118/ws

ws://52.188.38.118/ws

现在，如果我想在不安装NGINX入口控制器(如步骤1所示)的情况下使websocket实现正常工作，并且想尝试使用AKS/minikube随附的默认入口控制器怎么办?答案如下.

Now, what if I want to make the websocket implementation work without installing NGINX Ingress Controller ( indicated on step 1) and want to try to use default ingress controller coming with AKS/minikube. The answer is below.

通过上述步骤

a)避免执行第1步:安装NGINX Ingress Controller.

a) Avoid Step 1: Installing NGINX Ingress Controller.

b)下面仅是在进入时需要进行的更改.使用以下注释代替入口yaml文件上第2步中指示的注释.一切都会开始起作用.

b) Only change that need to be made on ingress is below. Use the below annotations instead of the annotations indicated on Step 2 on the ingress yaml file. Things will start working.

# this annotation is making my web application also work if I plan to configure something in future.
nginx.ingress.kubernetes.io/ingress.class: nginx

# this one annotation is making the websocket work.
nginx.ingress.kubernetes.io/websocket-services: socketserver-svc

# by default ssl is true - as I am trying locally and want to disable ssl-# redirect. So set this to false.
nginx.ingress.kubernetes.io/ssl-redirect: "false"

# Below are just additional annotation to allow CORS etc.
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, PUT, POST, DELETE, OPTIONS"
nginx.ingress.kubernetes.io/proxy-body-size: 10m

参考文章:

1. https://medium.com/flant-com/comparing-ingress-controllers-for-kubernetes-9b397483b46b

https://kubernetes.github.io/ingress-nginx /deploy/#azure

先生. dstrebel的评论-> https://github.com/Azure/AKS/issues/768

Mr. dstrebel's comments -> https://github.com/Azure/AKS/issues/768

我通常建议仅在集群上设置一个Ingress Controller而不启用"http-application-routing"，因为它有很多限制. HTTP应用程序路由的目标是使用户能够快速使用Ingress进行设置，但由于配置的限制，实际上并没有真正用于生产部署.

I typically recommend just setting up a Ingress Controller on the cluster and not enabling "http-application-routing", as there's a lot of limitations to it. The goal with HTTP Application ROuting was for users to get setup quickly with Ingress, but not really for production deployments due to the limitations of the configuration.

DenisBiondic于2018年10月2日发表评论-> https://github.com /Azure/AKS/issues/672

我不确定100％，因为我不使用应用程序路由功能，但>我认为它不使用

I am not 100% certain, since I don't use application routing feature, but >I think it does not use the https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/websocket controller but rather the https://github.com/kubernetes/ingress-nginx. In case of the latter, I think enabling session affinity with cookies might be enough: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md#session-affinity

在您的情况下，您使用了错误的注释，该注释不适用于幕后的应用程序路由入口控制器.

In your case you are using the wrong annotation which does not work with application routing ingress controller under the hood.

我欢迎您提出建议和最佳做法.

I welcome suggestions and best practices.

这篇关于Azure Kubernetes群集上的Websocket实施错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！