K
Q

Nginx Ingress session-cookie-expires doesn't work in kubernetes

4/30/2021

Deployed application on Azure and kubernetes verison is 1.19.6 and nginx-ingress-controller version is 0.27.1

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
namespace: qas
name: ingress
annotations:
 kubernetes.io/ingress.class: "nginx"
 kubernetes.io/ingress.allow-http: "false"

 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 nginx.ingress.kubernetes.io/http2-push-preload: "true"
 nginx.ingress.kubernetes.io/affinity: "cookie" 
 nginx.ingress.kubernetes.io/affinity-mode: "persistent"
 nginx.ingress.kubernetes.io/upstream-fail-timeout: "300"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
 nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
 # Legacy: for compatibilty with older browsers: https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/
 nginx.ingress.kubernetes.io/session-cookie-name: "INGRESSCOOKIE"
 nginx.ingress.kubernetes.io/session-cookie-expires: "3600"
 nginx.ingress.kubernetes.io/session-cookie-max-age: "3600"

 #-----project specific-----#
 nginx.ingress.kubernetes.io/app-root: "/welcome"
 
 #----No ip whitelist for storefront, we fully depend on NSG rules in both D/Q/P-----#
 nginx.ingress.kubernetes.io/server-snippet:  |
    # maintanance page
    #rewrite ^(.*)$ https://www.maintenance.bosch.com/ redirect;

    ####################################
    #  NOTE for storefront we strictly don't allow access to admin urls
    #################################
    if ( $uri ~* "^/(smartedit|backoffice|hac|hmc|mcc|cmssmart*|maintenance|boschfoundationemployee|embeddedserver|groovynature|acceleratorservices|authorizationserver|permission*|previewwebservices|tomcatembeddedserver|.*cockpit)" ) {
         return 403;
    }                
    
 nginx.ingress.kubernetes.io/configuration-snippet:  |
    server_name_in_redirect on;
    chunked_transfer_encoding off;
    proxy_ignore_client_abort on;
    gzip on;
    gzip_vary on;
    gzip_min_length 1;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/javascript application/json application/xml image/png image/svg+xml;
    gzip_disable "MSIE [1-6]\.";
    set $redirection_target "/";
    
    #------project specific-----#
    # TODO: Change to quality.aacentral.bosch.tech once migration is completed
    set $best_http_host rb-q-aa-central.westeurope.cloudapp.azure.com;

    # only if we did not redirect apply headers for caching
    if ($uri ~* \.(js|css|gif|jpe?g|png|woff2)) {
       # for older browsers
       expires 5h;
       add_header Cache-Control "private, max-age=1800, stale-while-revalidate";
    }

spec:
  tls:
      - hosts:
        - domain.com
        secretName: waf
  rules:
      - host: domain.com
        http:
         paths:
          - backend:
             serviceName: svc
             servicePort: 443
            path: /

the Ingress works fine but the annotations

 nginx.ingress.kubernetes.io/session-cookie-name: "INGRESSCOOKIE"
 nginx.ingress.kubernetes.io/session-cookie-expires: "3600"
 nginx.ingress.kubernetes.io/session-cookie-max-age: "3600"

no matter how I change the time-out value, it still the same with 300s And I cannot found the session-affinity configuration in nginx.conf after deployed nginx-ingress-controller, and from Nginx official document also have no chapter describe how this annotation works.

Hope someone can provide any material to understand how it works and why the time-out doesn't work.

Thanks

-- joker_9357
kubernetes
nginx

Similar Questions

Dex : Deleted the refresh token
Error from server (NotFound): pods "\nmongo-client-79667cc85d-tsg72" not found
Kubernetes - Scale up interval
error installing helm chart in kubernates
Prevent a user from deploy pods into a master

0 Answers