103. ancher WebSocket 与 NGINX OSS 入口控制器的故障

Environment 环境SUSE Rancher 2.10.3AWS EKS cluster AWS EKS 集群NGINX OSS Ingress Controller (oci://ghcr.io/nginx/charts/nginx-ingress)NGINX OSS 入口控制器oci:// ghcr.io/nginx/charts/nginx-ingressSituation 地理位置After upgrading Rancher to 2.10.3, downstream cluster agents failed to connect to the Rancher server. Logs showed repeated WebSocket handshake errors.在将 Rancher 升级到 2.10.3 后下游集群代理未能连接到 Rancher 服务器。日志显示 WebSocket 握手多次出错。Rancher logs: 牧场主日志websocket: the client is not using the websocket protocol: upgrade token not found in Connection header Error during upgrade for host [...]Cluster Agent logs: 集群代理日志Remotedialer proxy error: websocket: bad handshake Failed to connect to proxy. Response status: 400 - websocket: the client is not using the websocket protocolAn attempt to fix the issue by adding standard in-tree NGINX annotation did not work.尝试通过添加标准的树内 NGINX 注释来解决该问题但未能成功。span stylecolor:#000000span stylebackground-color:#ffffffspan stylebackground-color:#efefefcodea>Resolution 结局1] Confirmed the ingress-controller in use was the NGINX OSS Ingress Controller deployed via Helm, not the in-tree NGINX ingress-controller.1] 确认使用的入口控制器是通过 Helm 部署的 NGINX OSS 入口控制器而非树内的 NGINX 入口控制器。2] Updated the WebSocket-related annotations to match the OSS NGINX ingress-controller:2] 更新了与 WebSocket 相关的注释使其与 OSS NGINX 入口控制器相匹配nginx.org/upgrade: websocket3] Upgraded the NGINX ingress-controller Helm release to the latest version.3] 将 NGINX 入口控制器 Helm 版本升级至最新版本。After this change, Rancher and downstream cluster agents successfully established WebSocket connections.此后Rancher 及下游集群代理成功建立了 WebSocket 连接。Cause 病因The incorrect annotation prefix (nginx.ingress.kubernetes.io/...) was applied. nginx.ingress.kubernetes.io/...annotations are only valid for the Kubernetes in-tree NGINX ingress-controller.错误的注释前缀“nginx.ingress.kubernetes.io/...”被应用了。nginx.ingress.kubernetes.io/...“”注释仅适用于 Kubernetes 树内 NGINX 入口控制器。Always verify the type of ingress-controller before applying WebSocket or other ingress annotations.在应用 WebSocket 或其他入口注释前务必确认入口控制器的类型。For NGINX OSS ingress, use “nginx.org/...”annotations.对于 NGINX OSS 入口使用“nginx.org/...”注释。访问Rancher-K8S解决方案博主企业合作伙伴 https://blog.csdn.net/lidw2009