Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WebSocket not works using GCE Ingress. Ingress set UNHEALTHY status always #1067

Closed
masalinas opened this issue Apr 4, 2020 · 2 comments
Closed

WebSocket not works using GCE Ingress. Ingress set UNHEALTHY status always #1067

masalinas opened this issue Apr 4, 2020 · 2 comments
Assignees
@rramkumar1

Comments

@masalinas
Copy link

masalinas commented Apr 4, 2020
edited
Loading

I have 1.14 kubernetes version on GCE so the ingress-gce version is v1.6.0. with many services deployed. One of then is named trazelab-broker that expose the 9001 port of MQTT container throw the 80 ingress port service. I configured ingress but ingress always create a Healh check for this backen service to use HTTP port and not TCP, so the status is UNHEALTHY always and the port is closed for any communication from internet to this websocket.

If I set the correct port using the GCE UI and set the port to TCP the backen service status will convert to HEALTH after some seconds and the port is active correctly. Nevertheless some seconds later 60 seconds aprox, the status of the backend service come back again to UNHEALTHY and the port again is set to HTTP.

My questions is:

  • How could I set the TCP connection for this health check asocaited to the backend service created by ingrees and not the default HTTP?
  • Why if I set this port to TCP from UI later ingress or GCE set again the default type to HTTP?

These are the manifests for this service:

BackendConfig;

apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  name: config-broker-ws
  namespace: trazelab-mefasa
spec:
  timeoutSec: 300
  connectionDraining:
    drainingTimeoutSec: 300
  healthCheck:
    type: TCP
    port: 80

Deployment and Service

apiVersion: v1
kind: Service
metadata:
  name: trazelab-broker
  namespace: trazelab-mefasa
  annotations:
    beta.cloud.google.com/backend-config: '{"ports": {"80": "config-broker-ws"}}'
  labels:
    app: trazelab-mefasa
spec:
  selector:
    app: trazelab-mefasa
    tier: broker
  type: NodePort
  ports:
    - name: tcp-port
      port: 1883
      targetPort: 1883
      protocol: TCP
    - name: tcp-ws-port
      port: 80
      targetPort: 9001
      protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: trazelab-broker
  namespace: trazelab-mefasa
  labels:
    app: trazelab-mefasa
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: trazelab-mefasa
      tier: broker
  template:
    metadata:
      labels:
        app: trazelab-mefasa
        tier: broker
    spec:
      containers:
      - name: mosquitto
        image: eclipse-mosquitto:latest
        imagePullPolicy: Always
        ports:
          - containerPort: 9001
          - containerPort: 1883
        livenessProbe:
          tcpSocket:
            port: 9001
        readinessProbe:
          tcpSocket:
            port: 9001
        volumeMounts:
          - name: trazelab-broker-config
            mountPath: /mosquitto/config
      volumes:
        - name: trazelab-broker-config
          configMap:
            name: trazelab-broker-config
            items:
              - key: broker-config
                path: mosquitto.conf

Ingress manifest:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: trazelab-ingress
  namespace: trazelab-mefasa
  labels:
    app: trazelab-mefasa
spec:
  rules:
    - host: mefasa.trazelab.io
      http:
        paths:
          - path: /*
            backend:
              serviceName: trazelab-ui
              servicePort: 80
    - host: api.mefasa.trazelab.io
      http:
        paths:
          - path: /*
            backend:
              serviceName: trazelab-api
              servicePort: 3000
    - host: gateway.mefasa.trazelab.io
      http:
        paths:
          - path: /*
            backend:
              serviceName: trazelab-gateway
              servicePort: 1880
    - host: broker-ws.mefasa.trazelab.io
      http:
        paths:
          - path: /*
            backend:
              serviceName: trazelab-broker
              servicePort: 80
@masalinas masalinas changed the title WebSocket port not woprks using GCE Ingress. Set UNHEALTHY from Ingress WebSocket not works using GCE Ingress. Ingress set UNHEALTHY status always Apr 4, 2020
@rramkumar1 rramkumar1 self-assigned this Apr 13, 2020
@rramkumar1
Copy link
Contributor

rramkumar1 commented Apr 14, 2020
edited
Loading

@masalinas Sorry for the delay in response. The reason that TCP health checks do not work is that they are not yet supported in the BackendConfig resource. You specified a healthCheck field in your BackendConfig resource in the original comment but that is not yet supported in Ingress-GCE 1.6

We are currently in the process of adding initial support for all health check protocols in the BackendConfig. We can take a feature request to add support for TCP as well.

@masalinas
Copy link
Author

I resolved the problem installing nginx ingress controller behind a LoadBalancer. nginxs is prepared with the path /healthz to be checked correctly.

Regards

libby added a commit to libby/qubernetes that referenced this issue May 1, 2020
@libby
Add support websocket rcp, default to 8546.
a981a34 
Add support for connecting to geth via websockets. The default port is
set to 8546 and will always be set, but websockets need to be enabled in
the Geth_Startup_Param inside the config, e.g. --ws --wsorigins=\"*\" --wsaddr 0.0.0.0
see examples/config/qubernetes-ingress-ws.yaml

To override the default set it in the config unger `geth.Node_WSPort`.

note:
If trying to connect externally from an ingress be aware that depending
on the backend k8s service and how the load balancing is implenented the
health checks may fail, e.g. for GKE setting a configurable health check in k8s is not supported yet,
but will be available soon: kubernetes/ingress-gce#1067.
@libby libby mentioned this issue May 1, 2020
Merged
libby added a commit to Consensys/qubernetes that referenced this issue May 1, 2020
@libby
Add support geth websockets rcp. (#28)
869a992 
Add support for connecting to geth via websockets rpc. The default port is set to `8546` and will always be set, but in order to use websockets they need to be enabled in the `geth.Geth_Startup_Param` inside the config yaml, e.g. --ws --wsorigins=\"*\" --wsaddr 0.0.0.0 see examples/config/qubernetes-ingress-ws.yaml

To override the default set it in the config under `geth.Node_WSPort`.

note:
If trying to connect externally via an ingress be aware that depending on the backend k8s service and how the load balancing is implemented the health checks may fail, e.g. for GKE currently has a health check that uses http, and setting a configurable health check in k8s is not supported yet,
but will be available soon: kubernetes/ingress-gce#1067.

* Change RPCPort 7nodes from 8546->8545.

change the 7nodes examples configs RPCPort to the default geth rpc port
so that it doesn't clash with the default websocket port (8546).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rramkumar1 rramkumar1

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@masalinas @rramkumar1