nginx-ingress session affinity behavior when ingress maps to 2 different ports on the same service

8/19/2021

Let's say I have a service that maps to pod that has 2 containers, 1 expose port 8080, the other one expose port 8081. The service expose both ports. The ingress uses nginx-ingress, and has the cookie based session affinity annotations. It has 2 paths, 1 is / mapping to port 8080, the other one is /static mapping to port 8081 on the same service. Will the session affinity work in such way where all the requests from the same client will be sent to the same pod no matter if the path is / or /static?

Below are full configs:

Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/affinity-mode: "persistent"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
  rules:
    - host: test.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: test-service
                port:
                  number: 8080
          - path: /static
            pathType: Prefix
            backend:
              service:
                name: test-service
                port:
                  number: 8081

Service

apiVersion: v1
kind: Service
metadata:
  name: test-service
spec:
  type: ClusterIP
  selector:
    app: test-pod
  ports:
    - name: container1
      port: 8080
      targetPort: 8080
    - name: container2
      port: 8081
      targetPort: 8081

Deployment

apiVersion: apps/v1
kind: Deployment
...
spec:
  ...
  template:
    metadata:
      labels:
        app: test-pod
    spec:
      containers:
        - name: container1
          image: ...
          ports:
            - containerPort: 8080
        - name: container2
          image: ...
          ports:
            - containerPort: 8081
-- user3908406
kubernetes
kubernetes-ingress
nginx-ingress

1 Answer

8/20/2021

I managed to test your configuration.

Actually this affinity annotation will work only for / path - this is how nginx ingress works - to make affinity annotation work for both paths you need to create two ingress definitions:

Ingress for path /:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress-one
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/affinity-mode: "balanced"
    nginx.ingress.kubernetes.io/session-cookie-name: "route-one"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
  rules:
    - host: <your-domain>
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: test-service
                port:
                  number: 8080

Ingress for path /static:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress-two
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/affinity-mode: "balanced"
    nginx.ingress.kubernetes.io/session-cookie-name: "route-two"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
  rules:
    - host: <your-domain>
      http:
        paths:
          - path: /static
            pathType: Prefix
            backend:
              service:
                name: test-service
                port:
                  number: 8081

Back to your main question - as we are creating two different ingresses, with two different cookies, they are independent of each other. Each of them will choose his "pod" to "stick" regardless of what the other has chosen. I did research I couldn't find any information about setting it a way to make it work you want. Briefly answering your question:

Will the session affinity work in such way where all the requests from the same client will be sent to the same pod no matter if the path is / or /static?

No.

-- Mikolaj S.
Source: StackOverflow