Kong 1.2.0 – WebSocket connection to ‘ws://xxx’ failed: Error during WebSocket handshake: ‘Upgrade’ header is missing

升级Kong 1.1.1到1.2.0后,原来工作正常的WebSocket连接不上了,前端提示:’Upgrade’ header is missing
Server端提示:

System.Net.WebSockets.WebSocketException (2): The remote party closed the WebSocket connection without completing the close handshake.

Google了下应该是Kong 1.2.0的bug:

Websocket Upgrade header missing after upgrade to 1.2.0

kong 1.2.1 websocket fail

fix(proxy) do not clear upgrade header (case-insensitive), fix #4779 #4780

但Milestone是1.2.2, 还没有发布. 紧急有效的修复方法是从github中拿到修复后的handler.lua文件, 创建configmap:

apiVersion: v1
data:
  handler.lua: |-
    -- Kong runloop
    --
    -- This consists of local_events that need to
    -- be ran at the very beginning and very end of the lua-nginx-module contexts.
    -- It mainly carries information related to a request from one context to the next one,
    -- through the `ngx.ctx` table.
    --
    -- In the `access_by_lua` phase, it is responsible for retrieving the route being proxied by
    -- a consumer. Then it is responsible for loading the plugins to execute on this request.
    local ck           = require "resty.cookie"
    local meta         = require "kong.meta"
    ...
kind: ConfigMap
metadata:
  name: kong-1.2.0-0-runloop-handler.lua
  namespace: kong

然后在kong daemonset/deployment中把configmap挂载到路径/usr/local/share/lua/5.1/kong/runloop/handler.lua:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: kong
    name: kong
  name: kong
  namespace: kong
spec:
  selector:
    matchLabels:
      name: kong
  template:
    metadata:
      labels:
        app: kong
        name: kong
    spec:
      containers:
      - env:
        - name: KONG_PLUGINS
          value: bundled,q1-api-auth,q1-user-auth,q1-user-check-permission
        - name: KONG_PROXY_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
        - name: KONG_ADMIN_LISTEN
          value: 0.0.0.0:8001, 0.0.0.0:8444 ssl
        - name: KONG_PROXY_LISTEN
          value: 0.0.0.0:8000, 0.0.0.0:8443 ssl
        - name: KONG_STREAM_LISTEN
          value: 0.0.0.0:9000 transparent
        - name: KONG_DATABASE
          value: postgres
        - name: KONG_PG_DATABASE
          value: kong
        - name: KONG_PG_USER
          value: kong
        - name: KONG_PG_PASSWORD
          value: PASSWORD
        - name: KONG_PG_HOST
          value: 192.168.130.246
        - name: KONG_PG_PORT
          value: "5432"
        image: kong:1.2.0-centos
        imagePullPolicy: IfNotPresent
        name: kong
        ports:
        - containerPort: 8000
          name: kong-proxy
          protocol: TCP
        - containerPort: 8443
          name: kong-proxy-ssl
          protocol: TCP
        - containerPort: 8001
          name: kong-admin
          protocol: TCP
        - containerPort: 8444
          name: kong-admin-ssl
          protocol: TCP
        - containerPort: 9000
          name: kong-stream
          protocol: TCP
        volumeMounts:
        - mountPath: /usr/local/share/lua/5.1/kong/utils
          name: kong-utils
        - mountPath: /usr/local/share/lua/5.1/kong/plugins/q1-api-auth
          name: q1-api-auth
        - mountPath: /usr/local/share/lua/5.1/kong/plugins/q1-user-auth
          name: q1-user-auth
        - mountPath: /usr/local/share/lua/5.1/kong/plugins/q1-user-check-permission
          name: q1-user-check-permission
        - mountPath: /usr/local/lib/luarocks/rocks/kong/1.2.0-0/kong-1.2.0-0.rockspec
          name: kong-rockspec
          subPath: kong-1.2.0-0.rockspec
        - mountPath: /usr/local/share/lua/5.1/kong/runloop/handler.lua
          name: runloop-handler-lua
          subPath: handler.lua
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: docker-secret
      nodeSelector:
        beta.kubernetes.io/os: linux
        kubernetes.io/role: node
      restartPolicy: Always
      volumes:
      - configMap:
          name: kong-utils
        name: kong-utils
      - configMap:
          name: q1-api-auth
        name: q1-api-auth
      - configMap:
          name: q1-user-auth
        name: q1-user-auth
      - configMap:
          name: q1-user-check-permission
        name: q1-user-check-permission
      - configMap:
          name: kong-1.2.0-0.rockspec
        name: kong-rockspec
      - configMap:
          name: kong-1.2.0-0-runloop-handler.lua
        name: runloop-handler-lua

问题解决

Leave a Comment