Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SignalR connection via K8S Ingress

I'm trying to expose a SignalR hub hosted in a Kubernetes (Azure) pod. Basically, the authentication and the handshake steps work fine, but when I trigger some action, all clients connected via the k8s Ingress doesn't receive the message. Has anybody experienced this issue or just have shared SignalR hubs through Kubernetes - Ingress?

ingress.yml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: endpoints
  annotations:
    kubernetes.io/ingress.class: addon-http-application-routing
    ingress.kubernetes.io/ssl-redirect: "false"  
    nginx.ingress.kubernetes.io/ssl-redirect: "false"  
    nginx.org/websocket-services: "myservice"
spec:
  rules:
  - host: api.[MY-DOMAIN].com
    http:
      paths:
      - backend:
          serviceName: myservice
          servicePort: 80
        path: /myservice
like image 448
Alvaro Cantador Avatar asked Sep 19 '18 20:09

Alvaro Cantador


Video Answer


2 Answers

Try:

annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/session-cookie-hash: sha1
    nginx.ingress.kubernetes.io/session-cookie-name: REALTIMESERVERID

I wrote a sample project a while back, if you want a working example: DenisBiondic/RealTimeMicroservices

As a side note, consider using Azure SignalR Service, it should remove many headaches (also in the example above).

like image 152
Denis Biondic Avatar answered Sep 28 '22 01:09

Denis Biondic


Not familiar with SignalR but there could be a couple of things.

  1. The nginx Ingress might be stripping some http headers that SignalR needs. Are you familiar with the http headers that the SignalR is supposed to receive?
  2. After authenticating, is it possible that SignalR hub is trying to speak TLS? I see that you have this running on port 80 with not TLS. You would have to configure something like this:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: endpoints
      annotations:
        kubernetes.io/ingress.class: addon-http-application-routing
        ingress.kubernetes.io/ssl-redirect: "false"  <== you may need to remove
        nginx.ingress.kubernetes.io/ssl-redirect: "false"   <== you may need to remove
        nginx.org/websocket-services: "myservice"
    spec:
      rules:
      - host: api.[MY-DOMAIN].com
        http:
          paths:
          - backend:
              serviceName: myservice
              servicePort: 80
            path: /myservice
      tls:
        - secretName: <your-tls-certs>
    

Hope it helps!

like image 39
Rico Avatar answered Sep 28 '22 00:09

Rico