SignalR connection via K8S Ingress

Question

I'm trying to expose a SignalR hub hosted in a Kubernetes (Azure) pod. Basically, the authentication and the handshake steps work fine, but when I trigger some action, all clients connected via the k8s Ingress doesn't receive the message. Has anybody experienced this issue or just have shared SignalR hubs through Kubernetes - Ingress?

ingress.yml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: endpoints
  annotations:
    kubernetes.io/ingress.class: addon-http-application-routing
    ingress.kubernetes.io/ssl-redirect: "false"  
    nginx.ingress.kubernetes.io/ssl-redirect: "false"  
    nginx.org/websocket-services: "myservice"
spec:
  rules:
  - host: api.[MY-DOMAIN].com
    http:
      paths:
      - backend:
          serviceName: myservice
          servicePort: 80
        path: /myservice

Answer 1

Try:

annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/session-cookie-hash: sha1
    nginx.ingress.kubernetes.io/session-cookie-name: REALTIMESERVERID

I wrote a sample project a while back, if you want a working example: DenisBiondic/RealTimeMicroservices

As a side note, consider using Azure SignalR Service, it should remove many headaches (also in the example above).

Answer 2

Not familiar with SignalR but there could be a couple of things.

1. The nginx Ingress might be stripping some http headers that SignalR needs. Are you familiar with the http headers that the SignalR is supposed to receive?

2. After authenticating, is it possible that SignalR hub is trying to speak TLS? I see that you have this running on port 80 with not TLS. You would have to configure something like this:

   apiVersion: extensions/v1beta1
   kind: Ingress
   metadata:
     name: endpoints
     annotations:
       kubernetes.io/ingress.class: addon-http-application-routing
       ingress.kubernetes.io/ssl-redirect: "false"  <== you may need to remove
       nginx.ingress.kubernetes.io/ssl-redirect: "false"   <== you may need to remove
       nginx.org/websocket-services: "myservice"
   spec:
     rules:
     - host: api.[MY-DOMAIN].com
       http:
         paths:
         - backend:
             serviceName: myservice
             servicePort: 80
           path: /myservice
     tls:
       - secretName: <your-tls-certs>
   

Hope it helps!