Pod to pod websockets?

Hi all,

I have a proxy running in an mTLS-enabled cluster which allows users to spin up webapps, each hosted in a user-specific child pod. The proxy deals with mapping users to pods, deleting unused pods and masking internal addresses from the end user.

Each child pod & its service has a random name, but all have common labels.

The proxy needs to communicate with each child via a websocket.

I currently have everything set up to access the proxy via istio-ingressgateway & websocket, and can curl the child services via HTTP from the proxy, but I’m unsure how to get websockets working between the proxy & the children.

Do I need a websocket-enabled virtualservice per child, using the mesh gateway, or is there a way to use selectors to write a single virtualservice that would enable websockets for all child pods?

Or am I completely confused & way off base here? Quite likely, as I’m struggling to find websocket examples online.



I haven’t used websockets with Istio, but from the Envoy Docs it seems that all you need to do is have an UpgradeConfig set in the Envoy listener, and in my cluster that exists.

If that doesn’t work however (Envoy understanding the HTTP upgrades) then you could try using a different port for websocket connections and set the port name to tcp-something.

Websocket UPGRADE support should be enabled on recent Istio versions out of the box. See also this comment on issue 11498.

Not least the websocket example has the websocketUpgrade setting removed (diff).

Since Istio 1.1 there is no need for special treatment for websocket connections between pods (including Istio ingress).
The problem might be with your custom proxy, because not all proxies have support for WS proto.
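
Added example, not part of the thread and not Istio's own code: a standard-library probe that sends one WebSocket opening handshake and reports whether the path to a child service really switches protocols, which separates a mesh problem from a custom proxy that does not speak the WS protocol. It assumes it is run from inside the proxy pod, where the child is reachable over plain HTTP (the sidecar adds mTLS); the host name and port in the last lines are hypothetical.

```python
import base64, hashlib, os, socket

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def expected_accept(key):
    """Sec-WebSocket-Accept a compliant peer must return for this key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def classify(raw, key):
    """Judge a raw HTTP response head against the upgrade we asked for."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if status != 101:
        # Something on the path answered as plain HTTP instead of switching protocols.
        return "no-upgrade (HTTP %d)" % status
    if headers.get("upgrade", "").lower() != "websocket":
        return "bad-upgrade-header"
    if headers.get("sec-websocket-accept") != expected_accept(key):
        # A 101 with the wrong hash did not come from a real WebSocket peer.
        return "bad-accept"
    return "ok"

def probe(host, port, path="/", timeout=5.0):
    """Send one opening handshake to host:port and classify the reply."""
    key = base64.b64encode(os.urandom(16)).decode("ascii")
    request = ("GET %s HTTP/1.1\r\nHost: %s:%d\r\n"
               "Upgrade: websocket\r\nConnection: Upgrade\r\n"
               "Sec-WebSocket-Key: %s\r\nSec-WebSocket-Version: 13\r\n\r\n"
               % (path, host, port, key))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    return classify(raw, key)

if __name__ == "__main__":
    # Hypothetical child Service name and port; substitute a real one.
    print(probe("child-svc.example.svc.cluster.local", 8080))
```

A `no-upgrade` result against the child Service but `ok` against the pod IP points at the mesh configuration; `no-upgrade` in both cases points at the application or the custom proxy.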