Kubernetes - Traffic always redirect to the same pod

6/7/2018

I got the task to setup a Kubernetes setup in place 2 days ago with no background in that technology. So sorry if my questions or setup are not good.

The topology is quite simple, a public IP, a dedicated HA proxy configured to forward requests to a Kubernetes services containing a deployment of 2 pods. (Stickiness required!)

 Service setup
   {
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "api-admin2",
    "namespace": "default",
    "selfLink": "/api/v1/namespaces/default/services/api-admin2",
    "uid": "98121d0d-698b-11e8-8d90-262e68d4dba8",
    "resourceVersion": "245163",
    "creationTimestamp": "2018-06-06T13:14:50Z",
    "labels": {
      "app": "api-admin"
    },
    "annotations": {
      "service.beta.kubernetes.io/azure-load-balancer-internal": "true"
    }
  },
  "spec": {
    "ports": [
      {
        "protocol": "TCP",
        "port": 80,
        "targetPort": 6543,
        "nodePort": 31302
      }
    ],
    "selector": {
      "app": "api-admin"
    },
    "clusterIP": "10.100.22.118",
    "type": "LoadBalancer",
    "sessionAffinity": "ClientIP",
    "externalTrafficPolicy": "Local",
    "healthCheckNodePort": 32660,
    "sessionAffinityConfig": {
      "clientIP": {
        "timeoutSeconds": 10800
      }
    }
  },
  "status": {
    "loadBalancer": {
      "ingress": [
        {
          "ip": "10.100.21.97"
        }
      ]
    }
  }
}

The traffic arrives on pods but not in round robin, the entire traffic goes to the same pod. To have traffic going to another pod, I have to stop the one getting it... Which is not the purpose of this...

Any idea how to have the traffic properly loadbalanced with stickiness ?

Thanks !

-- KAMI
kubernetes
kubernetes-ingress

1 Answer

6/8/2018

from the service documentation for proxy mode: IPVS:

In any of these proxy model, any traffic bound for the Service’s IP:Port is proxied to an appropriate backend without the clients knowing anything about Kubernetes or Services or Pods. Client-IP based session affinity can be selected by setting service.spec.sessionAffinity to “ClientIP” (the default is “None”), and you can set the max session sticky time by setting the field service.spec.sessionAffinityConfig.clientIP.timeoutSeconds if you have already set service.spec.sessionAffinity to “ClientIP” (the default is “10800”).

In your configuration the session affinity which is responsible for choosing the pod is set to clientIP which means 10800 is the sticky time, all the traffic will be forwarded to the same pod for 3 hours if they are coming from the same client.

If you want to specify time, as well, this is what needs to be changed:

 sessionAffinityConfig:
    clientIP:
      timeoutSeconds: _TIME_

This will allow you to change the time of sickness, so if you changed TIME to 10 the service will switch pods every 10 seconds.

-- elia
Source: StackOverflow