Sticky sessions considering src IP and src port in K8s

11/9/2020

I've got a lift 'n shift deployment type (i.e. by no means cloud-native) and I'd like to set up sticky sessions so that the requests keep being handled by the same pod if it's available (from the client's perspective).

Client --> LB --> Ingress --> Service --> Deployment

Due to the fact that the LB does SNAT, I think service.spec.sessionAffinityConfig.clientIP will work, but because all the requests would be coming with the same source IP of the load balancer, the workload won't be truly balanced across all the pods in the deployment.

Can you think of any way to consider source IP & port pair in the sticky session behavior?

Edit 1: The deployment runs in Oracle Cloud. We're using the Oracle Cloud Loadbalancer service in plain TCP mode (i.e. OSI Layer4).

-- Bernard Halas
kubernetes
kubernetes-networking
kubernetes-service

1 Answer

11/9/2020

What the question describes is actually the default traffic management behavior in K8s. The packets within each TCP session target the same pod. The TCP session is initiated from a certain source IP (in our case the LB) and source port (which is different for each session), and this session remains "sticky" for its whole duration.

-- Bernard Halas
Source: StackOverflow
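The behavior discussed in the question and answer above, as an added example that is not part of the original post and is not kube-proxy's code: a simplified model that compares default per-connection routing with ClientIP session affinity when every connection arrives from one SNAT address. The pod names, the load balancer IP, the port range and the `ServiceModel` class are constructed for illustration.

```python
import random
from collections import Counter

PODS = ["pod-a", "pod-b", "pod-c"]  # constructed backend names

class ServiceModel:
    """Simplified model of Service backend selection (an assumption, not kube-proxy code)."""

    def __init__(self, pods, client_ip_affinity=False, seed=0):
        self.pods = pods
        self.client_ip_affinity = client_ip_affinity
        self.rng = random.Random(seed)  # fixed seed keeps the run reproducible
        # One entry per TCP connection. Destination IP/port are fixed here,
        # so (src_ip, src_port) stands in for the full connection tuple.
        self.conntrack = {}
        self.affinity = {}  # src_ip -> pod, consulted only with ClientIP affinity

    def route(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key in self.conntrack:            # packet of an existing connection
            return self.conntrack[key]
        if self.client_ip_affinity and src_ip in self.affinity:
            pod = self.affinity[src_ip]      # new connection, known client IP
        else:
            pod = self.rng.choice(self.pods) # new connection, pick a backend
        if self.client_ip_affinity:
            self.affinity[src_ip] = pod
        self.conntrack[key] = pod
        return pod

def simulate(client_ip_affinity, connections=300, packets_per_conn=5):
    """Return (every connection stayed on one pod, connections per pod)."""
    svc = ServiceModel(PODS, client_ip_affinity)
    lb_ip = "10.0.0.10"  # constructed: the single source IP left after SNAT
    per_pod = Counter()
    sticky = True
    for i in range(connections):
        src_port = 20000 + i  # each new connection gets a new source port
        seen = {svc.route(lb_ip, src_port) for _ in range(packets_per_conn)}
        sticky = sticky and len(seen) == 1
        per_pod[seen.pop()] += 1
    return sticky, per_pod

if __name__ == "__main__":
    for mode in (False, True):
        sticky, per_pod = simulate(mode)
        print("ClientIP affinity" if mode else "default", sticky, dict(per_pod))
```

In both modes every packet of a connection reaches the same pod; only ClientIP affinity behind SNAT sends all connections to a single pod.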