When I try to connect to the WebSocket through the gateway I get a 403 error

0 votes

I have deployed two services to a Kubernetes Cluster on GCP:

One is a Spring Cloud Api Gateway implementation:

apiVersion: v1
kind: Service
metadata:
  name: api-gateway
spec:
  ports:
  - name: main
    port: 80
    targetPort: 8080
    protocol: TCP
  selector:
    app: api-gateway
    tier: web
  type: NodePort

The other one is a backend chat service implementation which exposes a WebSocket at /ws/path.

apiVersion: v1
kind: Service
metadata:
 name: chat-api
spec:
  ports:
  - name: main
    port: 80
    targetPort: 8080
    protocol: TCP
  selector:
    app: chat
    tier: web
  type: NodePort

The API Gateway is exposed to internet through a Contour Ingress Controller:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: api-gateway-ingress
  annotations:
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
    ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
  - secretName: api-gateway-tls
    hosts:
    - api.mydomain.com.br
  rules:
  - host: api.mydomain.com.br
    http:
      paths:
      - backend:
          serviceName: api-gateway
          servicePort: 80

The gateway routes incoming calls to /chat/ path to the chat service on /ws/:

@Bean
public RouteLocator routes(RouteLocatorBuilder builder) {
    return builder.routes()
            .route(r -> r.path("/chat/**")
                    .filters(f -> f.rewritePath("/chat/(?<segment>.*)", "/ws/(?<segment>.*)"))
                    .uri("ws://chat-api"))
            .build();
}

When I try to connect to the WebSocket through the gateway I get a 403 error:

error: Unexpected server response: 403

Oct 1, 2018 in Kubernetes by lina
 • 8,220 points 2,763 views

1 answer to this question.

0 votes

Try upgrading Contour to v0.6.0-beta.3 with IngressRoute

You can add an IngressRoute resource (crd) like this (remove your previous ingress resource):

#ingressroute.yaml
apiVersion: contour.heptio.com/v1beta1
kind: IngressRoute
metadata:
  name: api-gateway-ingress
  namespace: default
spec:
  virtualhost:
    fqdn: api.mydomain.com.br
    tls:
      secretName: api-gateway-tls
  routes:
    - match: /
      services:
        - name: api-gateway
          port: 80
    - match: /chat
      enableWebsockets: true 
      services:
        - name: api-gateway
          port: 80
answered Oct 1, 2018 by Kalgi
 • 52,360 points

Related Questions In Kubernetes

0 votes
1 answer

Error saying "Failed to request cluster info, will try again" when trying to join the kubernetes cluster

I had faced the same error. Make sure ...READ MORE

answered Oct 5, 2018 in Kubernetes by Kalgi
 • 52,360 points 4,740 views
+2 votes
1 answer

Error in log when trying to create a kubernetes cluster saying 1 node(s) had taints that the pod didn't tolerate.

You get this error when your pod ...READ MORE

answered Jan 11, 2019 in Kubernetes by Yesha
edited Jun 28, 2019 5,286 views
0 votes
2 answers

How do I create a volume in kubernetes so that it doesn't get detroyed when pods die?

if you need to do this is ...READ MORE

answered Jul 26, 2020 in Kubernetes by Akash Gupta
 1,262 views
0 votes
5 answers

Error saying "Unable to connect to the server: x509: certificate signed by unknown authority"

export KUBECONFIG=/etc/kubernetes/admin.conf READ MORE

answered Jul 27, 2019 in Kubernetes by aneesh ansari
 35,036 views
+6 votes
1 answer

Web UI (Dashboard): https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

Hey @nmentityvibes, you seem to be using ...READ MORE

answered Dec 13, 2018 in Kubernetes by Kalgi
 • 52,360 points 7,063 views
+1 vote
1 answer

set up kubernetes NGINX ingress in AWS with SSL termination

Try using ingress itself in this manner except ...READ MORE

answered Oct 10, 2018 in Kubernetes by Kalgi
 • 52,360 points 2,814 views
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17, 2019 in Others by anonymous
 14,592 views
+4 votes
1 answer

Installing Web UI (Dashboard):kubernetes-dashboard on main Ubuntu 16.04.6 LTS (Xenial Xerus) server

Follow these steps: $ kubeadm reset $ kubeadm init ...READ MORE

answered Apr 12, 2019 in Kubernetes by Kalgi
 • 52,360 points
reshown Apr 12, 2019 by Kalgi 6,077 views
0 votes
1 answer

image can't be pulled error when I try to pull a docker image - kubernetes

I think the image is being pulled ...READ MORE

answered Sep 4, 2018 in Kubernetes by Kalgi
 • 52,360 points 5,839 views
0 votes
1 answer

Now when I run "kubectl describe ing" the backend is listed as "UNHEALTHY" and all requests to the ingress IP give a 502

The application must return a 200 status ...READ MORE

answered Oct 5, 2018 in Kubernetes by Kalgi
 • 52,360 points 2,257 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.