0
votes

I have a deployment which comprises 2 pods with a webapp in them. Nginx ingress controller is installed to expose those 2 pods using tls-passthrough. I have tried to use annotations to set up sticky sessions but to no avail. No cookie is present in the headers, hence no stickiness. What could I do to make it work? Many thanks for your wise answers.

The Ingress I have created:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    # nginx.ingress.kubernetes.io/secure-backends: "true"
    # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/affinity-mode: "persistent"
    nginx.ingress.kubernetes.io/session-cookie-name: "wabam"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
  namespace: default
spec:
  rules:
    - host: wabam.moulip.lan
      http:
        paths:
          - backend:
              serviceName: wabam-ingress-svc
              servicePort: 443
            path: /
1
If you ssl-passthrough then you cannot modify the request/response (by definition). - zerkms
because the Loadbalancer frontend is not forwarding Real-IP header - Abdennour TOUMI
Hello to both of you, I was suspecting the ssl-passthrough to be the culprit. And I have checked my web app logs and it's the actual client ip which is forwarded. Since I can't have the webapp listen in plain http, will Nginx accept to kind of terminate the ssl session and still forward the traffic with https behind? - moulip
As mentioned already, any other annotation will not work when used alongside the ssl-passthrough. Therefore, I don't think this would work like you described. - Wytrzymały Wiktor

1 Answer

0
votes

I am posting this as a community wiki answer for better visibility.

As already mentioned in the comments: any other annotation will not work when used alongside the ssl-passthrough. This is also mentioned in the official docs:

Because SSL Passthrough works on layer 4 of the OSI model (TCP) and not on the layer 7 (HTTP), using SSL Passthrough invalidates all the other annotations set on an Ingress object.
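
For the follow-up raised in the comments (terminate TLS at the ingress but still speak HTTPS to the pods), the manifest below is an added example, not part of the original question or answer. It leaves ssl-passthrough off so NGINX handles the request at layer 7 and can set the affinity cookie, and it re-encrypts to the backend with backend-protocol; the secret name wabam-tls is a placeholder.

```yaml
# Added example: TLS is terminated at the ingress and re-encrypted to the pods.
# Same API version as the question; clusters that no longer serve
# extensions/v1beta1 use networking.k8s.io/v1 with its service.name /
# service.port.number backend form instead.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  namespace: default
  annotations:
    # ssl-passthrough is deliberately absent: with it NGINX only relays the
    # TCP stream (layer 4), never sees HTTP, and ignores the annotations below.
    # Proxy to the pods over HTTPS, since the webapp cannot listen on plain HTTP.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Sticky sessions: NGINX sets this cookie on the decrypted response.
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/affinity-mode: "persistent"
    nginx.ingress.kubernetes.io/session-cookie-name: "wabam"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
  tls:
    - hosts:
        - wabam.moulip.lan
      # Placeholder: a kubernetes.io/tls Secret holding the certificate and
      # key that the ingress presents to clients for this host.
      secretName: wabam-tls
  rules:
    - host: wabam.moulip.lan
      http:
        paths:
          - path: /
            backend:
              serviceName: wabam-ingress-svc
              servicePort: 443
```

Terminating here means the ingress controller holds the certificate's private key and sees the decrypted traffic. ingress-nginx also does not verify the backend certificate unless the proxy-ssl-verify and proxy-ssl-secret annotations are set.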