ingress-gce: Ingress not Working With Websocket

Hello, I’m running applications on GKE

kubectl version
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-08T17:11:31Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13+", GitVersion:"v1.13.6-gke.13", GitCommit:"fcbc1d20b6bca1936c0317743055ac75aef608ce", GitTreeState:"clean", BuildDate:"2019-06-19T20:50:07Z", GoVersion:"go1.11.5b4", Compiler:"gc", Platform:"linux/amd64"}

OS versions: COS

and I have got SpringBoot service with UI built with Vaadin. I have got problem, that websocket is not working thru GCE ingress (same solution works well thru nginx ingress). And I want use IAP for auth.

Current configuration: using GCE ingress, nodeport, backend configs and managed certificates

---
apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  name: my-backend-config
  namespace: preprod
spec:
  timeoutSec: 720000
---

apiVersion: v1
kind: Service
metadata:
  name: ppkebo
  namespace: preprod
  annotations:
    cloud.google.com/app-protocols: '{"portbo":"HTTPS","portboplain":"HTTP"}'
    beta.cloud.google.com/backend-config: '{"ports": {"portbo" :"my-backend-config","portboplain" :"my-backend-config"}}'
spec:
  type: NodePort
  ports:
  - name: portbo
    protocol: TCP
    port: 443
    targetPort: 443
  - name: portboplain
    port: 8090
    targetPort: 8090
  selector:
   app: bo
   environment: preprod

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ppkebo
  namespace: preprod
  annotations:
    kubernetes.io/ingress.global-static-ip-name: preprod-ip	
    networking.gke.io/managed-certificates: example-certificate
    kubernetes.io/ingress.class: "gce"
spec:
  rules:
  - host: xx.example.com
    http:
      paths:
      - path: /*
        backend:
          servicePort: portboplain
          serviceName: ppkebo          
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: example-certificate
  namespace: preprod
spec:
  domains:
  - xx.example.com

From request perspective it looks like this: image

On nginx ingress it works fine.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 16 (6 by maintainers)

Most upvoted comments

Was there ever a solution to this?

Yup, there you go:

https://github.com/kubernetes/ingress-gce/tree/b0603c69382a39d097063eab8e3d9e30ca1cdf7b/examples/websocket#change-backend-timeout

+1
borisevstratov on Feb 9, 2023
Read more comments on GitHub
← ingress-gce: ingress-gce-404-server-with-metrics causes OOM
ingress-gce: Kubernetes incorrectly warns with "invalid ingress configuration" when using the "allow-http: false" annotation →