我目前有一个运行GraphQL服务器和正常nginx入口的AKS群集设置。我们正在尝试使用Websockets的GraphQL订阅。 GraphQL用于websocket的URL与用于GraphQL查询的URL相同。我们尝试添加代理配置以启用websocket入口,但从未建立连接。在没有Kubernetes的情况下运行GraphQL服务器是成功的,因此我们认为这里有特定于kubernetes的事情……有人在此方面取得了成功吗?下面的相关入口配置
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-ingress
namespace: web
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
spec:
tls:
- hosts:
- my.host
- my-api.host
secretName: tls-secret
rules:
- host: my.host
http:
paths:
- path: /graphql
backend:
serviceName: webapi
servicePort: 80
- path: /(.*)
backend:
serviceName: website
servicePort: 80
- host: my-api.host
http:
paths:
- backend:
serviceName: webapi
servicePort: 80
path: /(.*)
答案 0 :(得分:0)
您可能要从不太复杂的配置开始,如下所示:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-ingress
namespace: web
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: letsencrypt
ingress.kubernetes.io/ssl-redirect: "true"
kubernetes.io/tls-acme: "true"
spec:
tls:
- hosts:
- my.host
secretName: tls-secret
rules:
- host: my.host
http:
paths:
- path: /
backend:
serviceName: website
servicePort: 80
- path: /graphql
backend:
serviceName: webapi
servicePort: 80
我将配置切换到一个端点,而不是两个。由于NGINX开箱即用地处理了websocket,因此删除了一些配置。我删除了regexp。我添加了tls-acme批注。以及ssl-redirect。总而言之,我只是简化了一点。首先启动并运行它,然后开始应用高级配置,例如您所做的超时。
很高兴听到对此的任何反馈!