Networking with Load Balancers

Configuring Lenses Websockets to work with Load Balancers.

Lenses uses Websockets. It can be that your load balancers block them by default. Depending on your load balancer you need to allow websockets.

For example on NGINX:

annotations:
  kubernetes.io/ingress.class: nginx
  nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
  nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"

If it is exposed via a service type LoadBalancer, ensure the protocol between the load balancer and NGINX is set to TCP. See Kubernetes documentation for more information.

Lenses can be placed behind a proxy, but you must allow websocket connections.

These two paths are used for WebSocket connections:

/api/ws
/api/kafka/ws

Disable proxy buffering for SSE (Server Sent Events) connections on this path:

/api/sse

TLS termination

Lenses supports TLS termination out of the box, see Enabling TLS

Sample Apache configuration

# Add these settings to your httpd.conf or under the VirtualHost section
# for Lenses.
# The rewrite directives need the rewrite module:
#   LoadModule rewrite_module modules/mod_rewrite.so
# The proxy directives need the proxy, proxy_http and proxy_wstunnel modules:
#   LoadModule proxy_module modules/mod_proxy.so
#   LoadModule proxy_http_module modules/mod_proxy_http.so
#   LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule ^/(.*)$           ws://lenses.url:9991/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule ^/(.*)$           http://lenses.url:9991/$1 [P,L]

ProxyRequests On
ProxyPreserveHost On
ProxyPass / http://lenses.url:9991/
ProxyPassReverse / http://lenses.url:9991/

Sample Caddy configuration

proxy /api/kafka/ws http://lenses.url:9991 {
    websocket
}
proxy /api/ws http://lenses.url:9991 {
    websocket
}
proxy / http://lenses.url:9991

Sample NGINX configuration

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    server_name example.lenses.url;

    # websocket paths
    location /api/ws {
        proxy_pass http://lenses.url:9991;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_redirect off;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
    }
    location /api/kafka/ws {
        proxy_pass http://lenses.url:9991;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_redirect off;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
    }

    # SSE paths
    location /api/sse {
        proxy_pass http://lenses.url:9991;
        proxy_http_version 1.1;

        proxy_buffering off;
        proxy_redirect off;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
    }

    # all other paths
    location / {
        proxy_pass http://lenses.url:9991;
        proxy_http_version 1.1;

        proxy_redirect off;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
    }
}

PreviousRate Limiting NextLogs

Last updated 1 month ago