Skip to content

Add new endpoint to add support to proxy websocket requests to build's services

In order to implement we need several modifications and one of them is in Workhorse.

We need to support creating a proxy from Rails to services running inside Runner builds. This proxy needs to support websocket connections (like we already do with the terminal).

Regular HTTP requests will be handled in a later MR.

How to test this MR

Note: at the moment only the kubernetes executor allows this proxy thing to services

In order to easily test this MR I suggest checking out the different branches involved in every component.

  • Rails EE branch: fj-5276-mirror-webide-changes
  • Workhorse branch: fj-proxy-webide-services
  • Runner branch: fj-add-build-proxies

Now open a project in the Web IDE, and create the file .gitlab/.gitlab-webide.yml, and add the following content:

    name: alpine:3.9
      - 80
    - name: tomcat
      alias: tomcat
        - number: 8080      
          protocol: http
    - name: cgorka/websocketnode
      alias: websocket
        - 4005

In the runner, I suggest using minikube for this because it will be easier. We have to update the Kubernetes RBAC configuration. Create a file called, ie role.yml with the following content:

kind: Role
  namespace: default
  name: ci
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods", "pods/exec", "secrets", "services/proxy"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "attach"]

Now, execute in the terminal: kubectl apply -f role.yml. With this permissions update, we're allowing Kubernetes to access services using websockets connection through the API.

In Rails, we need to enable the feature flag build_service_proxy. To enable the flag you have to run in the Rails console: Feature.enable(:build_service_proxy)

Once everything has been set we can go to the Web IDE again. Once we have the build running some quick and dirty HTML components will appear.


For the websockets connection, just click the TestWSS button. With the inspector open you should see some messages. Besides, you can write on the text box in order to receive an echo message.

We can't access the service at present, this will be added in a later MR.

Refs and closes #205 (closed)

Edited by Nick Thomas

Merge request reports