I am trying to use a GraphQL API behind the Tyk gateway in a Kubernetes environment.
I am using nginx as the ingress controller.
The API is using web sockets for the implementation of subscriptions. Normal mutations and queries work without a problem, but the web socket connection always closes before the connection is established.
Here is my yaml for the API:
apiVersion: tyk.tyk.io/v1alpha1
kind: ApiDefinition
metadata:
  name: testapi
spec:
  name: testapi
  use_keyless: true
  enable_detailed_recording: true
  domain: test.dev.example.com
  active: true
  do_not_track: false
  proxy:
    target_url: http://api-service.tyk.svc:9998/query
    preserve_host_header: true
    listen_path: /
    strip_listen_path: true
  graphql:
    enabled: true
    version: "2"
    execution_mode: proxyOnly
    playground:
      enabled: true
      path: /playground
This is the ingress definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gateway-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://test.dev.example.com"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - test.dev.example.com
      secretName: gateway-ingress-tls
  rules:
    - host: test.dev.example.com
      http:
        paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name: gateway-svc-tyk-oss-tyk-gateway
                port:
                  number: 8080
The gateway is installed with the helm chart using:
helm upgrade tyk-oss tyk-helm/tyk-oss --install -n tyk \
  --set "global.redis.addrs[0]=tyk-redis-redis-cluster.tyk:6379" \
  --set "global.redis.pass=$PASSWORD_REDIS" \
  --set 'global.redis.enableCluster=true' \
  --set 'tyk-gateway.gateway.image.repository=tykio/tyk-gateway' \
  --set 'tyk-gateway.gateway.service.port=8080' \
  --set 'global.tls.gateway=true' \
  --set 'global.tls.useDefaultTykCertificate=false' \
  --set "tyk-gateway.gateway.hostName=gateway.dev.example.com" \
  --set 'tyk-gateway.gateway.tls.secretName=internal-cluster-cert' \
  --set 'tyk-gateway.gateway.extraVolumes[0].name=ca-certificate-only' \
  --set 'tyk-gateway.gateway.extraVolumes[0].configMap.name=example-bundle' \
  --set 'tyk-gateway.gateway.extraVolumes[0].configMap.optional=false' \
  --set 'tyk-gateway.gateway.extraVolumes[0].configMap.items[0].key=trust-bundle.pem' \
  --set 'tyk-gateway.gateway.extraVolumes[0].configMap.items[0].path=ca-certificates.crt' \
  --set 'tyk-gateway.gateway.extraVolumeMounts[0].name=ca-certificate-only' \
  --set 'tyk-gateway.gateway.extraVolumeMounts[0].mountPath=/etc/ssl/certs/' \
  --set 'tyk-gateway.gateway.extraVolumeMounts[0].readOnly=true' \
  --set 'tyk-gateway.gateway.extraEnvs[0].name=TYK_LOGLEVEL' \
  --set 'tyk-gateway.gateway.extraEnvs[0].value=debug' \
  --set 'tyk-gateway.gateway.extraEnvs[1].name=TYK_GW_HTTPSERVEROPTIONS_ENABLEWEBSOCKETS' \
  --set 'tyk-gateway.gateway.extraEnvs[1].value="true"' \
  --wait --atomic
The NGINX Ingress Controller is installed with:
helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx -n tyk
Can somebody help me get the web socket connections to the API up and running so GraphQL subscriptions work?
I am not sure where I went wrong.
Thanks,
Maurice