GCloud Load Balancer session affinity cookie `Set-Cookie` header - becomes an error in Firefox due to the misuse of `sameSite` attribute

5/27/2020

According to the manual page: https://cloud.google.com/load-balancing/docs/backend-service#http_cookie_affinity

HTTP cookie affinity routes requests to backend VMs or endpoints in a NEG based on the HTTP cookie named in the HTTP_COOKIE flag. If the client does not provide the cookie, the proxy generates the cookie and returns it to the client in a Set-Cookie header.

However, due to the new security changes in Firefox, the following warning appears:

Cookie “GCLB” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies

I could not find a way to configure my load balancer in order to modify the sameSite attribute.

For example, opening the website https://staging.krizo.dk/ in Mozilla Firefox (76.0.1 (64-bit)) yields the above warning message in the console.

The example backend configuration to reproduce:

```yaml
apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  name: example-name-config
spec:
  timeoutSec: 7200
  connectionDraining:
    drainingTimeoutSec: 30
  sessionAffinity:
    affinityType: "GENERATED_COOKIE" #"Client_IP" #ClientIP or NONE
    affinityCookieTtlSec: 86400
```

and the ingress resource:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.class: gce
    cloud.google.com/neg: '{"ingress": true}'
    beta.cloud.google.com/backend-config: '{"ports": {"80":"example-name-config"}}'
    ingress.kubernetes.io/enable-cors: "true"
  labels:
    purpose: example-name-config
  <...>
```
-- MFC-woking-at-krizo
cookies
firefox
gcloud
google-kubernetes-engine
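
A check for the condition named in the Firefox warning above, as an added example that is not part of the original question: it classifies `Set-Cookie` header values by their `SameSite` and `Secure` attributes so a response can be audited outside the browser. The header strings are constructed samples, not captured from the load balancer, and the function names are hypothetical.

```python
# Added example: classify Set-Cookie values by SameSite / Secure.
# The sample headers below are constructed, not real load balancer output.

def parse_set_cookie(value):
    """Return (cookie_name, attrs) with attribute names lower-cased."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def classify(value):
    """Return (cookie_name, verdict) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(value)
    secure = "secure" in attrs          # Secure is a flag without a value
    if "samesite" not in attrs:
        # Not covered by the warning text; reported separately because the
        # browser's default policy applies instead of a declared one.
        return name, "samesite-missing"
    samesite = attrs["samesite"].lower()  # attribute values are case-insensitive
    if samesite in ("strict", "lax"):
        verdict = "ok"
    elif samesite == "none":
        verdict = "ok" if secure else "none-without-secure"
    else:
        verdict = "invalid-samesite" if secure else "invalid-without-secure"
    return name, verdict

def audit(header_values):
    """Return only the cookies whose verdict is not 'ok'."""
    results = [classify(v) for v in header_values]
    return [(n, v) for n, v in results if v != "ok"]

CONSTRUCTED_HEADERS = [
    "GCLB=CONSTRUCTED; path=/; HttpOnly; SameSite=None",
    "GCLB=CONSTRUCTED; path=/; HttpOnly; SameSite=None; Secure",
    "GCLB=CONSTRUCTED; path=/; HttpOnly",
    "sid=CONSTRUCTED; SameSite=bogus",
    "sid=CONSTRUCTED; samesite=LAX",
]

if __name__ == "__main__":
    for cookie, verdict in audit(CONSTRUCTED_HEADERS):
        print(f"{cookie}: {verdict}")
```
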

0 Answers