pomerium: Websocket error with linkerd dashboard
What happened?
I cannot get the linkerd dashboard live stream of calls to work. I get "websocket error: undefined".
What did you expect to happen?
I expect to see a stream of calls to my service. I see the live stream if I port-forward. I do not see the live stream if I proxy with pomerium.
What’s your environment like?
- Pomerium version (retrieve with pomerium --version or /ping endpoint): v0.5.1
- Server Operating System/Architecture/Cloud: K8s Rev: v1.14.9-eks-ba3d77
What’s your config.yaml?
apiVersion: v1
data:
  config.yaml: "policy: \n - allow_websockets: true\n allowed_groups:\n - eng@tidepool.org\n
    \ allowed_users: []\n from: https://glooe-monitoring.production.tidepool.org\n
    \ to: http://glooe-grafana.gloo-system.svc.cluster.local\n - allow_websockets:
    true\n allowed_groups:\n - eng@tidepool.org\n allowed_users: []\n from:
    https://linkerd-dashboard.production.tidepool.org\n to: http://linkerd-dashboard.linkerd.svc.cluster.local:8080\n"
kind: ConfigMap
metadata:
  annotations:
    flux.weave.works/antecedent: pomerium:helmrelease/pomerium
  creationTimestamp: "2019-12-12T18:50:52Z"
  labels:
    app.kubernetes.io/instance: pomerium
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: pomerium
    helm.sh/chart: pomerium-4.1.2
  name: pomerium
  namespace: pomerium
  resourceVersion: "26735217"
  selfLink: /api/v1/namespaces/pomerium/configmaps/pomerium
  uid: 525ccabf-1d10-11ea-abeb-02c077500bb6
About this issue
- State: closed
- Created 5 years ago
- Comments: 26 (8 by maintainers)
Problem SOLVED!
I had my gateway remove the Origin header BEFORE the request is passed to the Pomerium Proxy.
I deleted the post. Red herring.
@derrickburns I was about to ask if you had any other infrastructure items between the user, pomerium, and the downstream application.
For example, I know that (pomerium aside) running websockets behind nginx requires some extra markup.
PS. I removed the pomerium cookie you posted above. Though there are no access tokens in there, I just wanted to be on the safe side, as it does contain groups / users.
I think this may be a configuration issue with my API gateway…
The problem appears to occur immediately upon access to a link that uses web sockets.