Session Affinity Settings for multiple Pods exposed by a single service

Asked 27/5, 2019 at 9:39 Answered 12/6, 2019 at 10:40

kubernetes kubernetes-ingress kubernetes-pod kubernetes-service

I have a setup Metallb as LB with Nginx Ingress installed on K8S cluster. I have read about session affinity and its significance but so far I do not have a clear picture.

How can I create a single service exposing multiple pods of the same application? After creating the single service entry point, how to map the specific client IP to Pod abstracted by the service?

Is there any blog explaining this concept in terms of how the mapping between Client IP and POD is done in kubernetes?

But I do not see Client's IP in the YAML. Then, How is this service going to map the traffic to respective clients to its endpoints? this is the question I have.

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10000

Probably answered 27/5, 2019 at 9:39 Comment(4)

because, you are using nginx as ingress controller, We are talking about http sessions, that means, you need to setup cookies stickiness in your ingress rules, if you go in the github repo of the nginx ingress controller, you have a lot of examples – Leggat 27/5, 2019 at 9:49

@Leggat I want to use normal session affinity before going to cookies based. also, I want to validate and see if the Client request is mapped to the Pod based on its IP. – Probably 27/5, 2019 at 10:55

if you have web application doing stickness based on the ip is not so good, if you have a mobile user, the ip can changes many times – Leggat 27/5, 2019 at 11:24

I am trying to validate this feature first. you are right in case of web application using sticky sessions is useful. and that is a more advanced part of session control I would say. I think I need to learn basic mapping first. – Probably 27/5, 2019 at 12:29

Main concept of Session Affinity is to redirect traffic from one client always to specific node. Please keep in mind that session affinity is a best-effort method and there are scenarios where it will fail due to pod restarts or network errors. There are two main types of Session Affinity:

1) Based on Client IP

This option works well for scenario where there is only one client per IP. In this method you don't need Ingress/Proxy between K8s services and client. Client IP should be static, because each time when client will change IP he will be redirected to another pod.

To enable the session affinity in kubernetes, we can add the following to the service definition.

service.spec.sessionAffinity: ClientIP

Because community provided proper manifest to use this method I will not duplicate.

2) Based on Cookies

It works when there are multiple clients from the same IP, because it´s stored at web browser level. This method require Ingress object. Steps to apply this method with more detailed information can be found here under Session affinity based on Cookie section.

Create NGINX controller deployment
Create NGINX service
Create Ingress
Redirect your public DNS name to the NGINX service public/external IP.

About mapping ClientIP and POD, according to Documentation kube-proxy is responsible for SessionAffinity. One of Kube-Proxy job is writing to IPtables, more details here so thats how it is mapped.

Articles which might help with understanding Session Affinity: https://sookocheff.com/post/kubernetes/building-stateful-services/ https://medium.com/@diegomrtnzg/redirect-your-users-to-the-same-pod-by-using-session-affinity-on-kubernetes-baebf6a1733b

Dzerzhinsk answered 12/6, 2019 at 10:40 Comment(0)

follow the service reference for session affinity

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10000

Aloha answered 27/5, 2019 at 11:39 Comment(5)

Yes, so far I have seen this YAML used as an example everywhere. But I do not see Client's IP in the YAML. How is this service going to map the traffic to respective clients to its endpoints? this is the question I have. – Probably 27/5, 2019 at 12:25

sessionAffinity: ClientIP – Aloha 27/5, 2019 at 13:46

the above property would route the traffic to same backend pod based on clientIP – Aloha 27/5, 2019 at 13:47

do we need to make any changes in Ingress file ? or service file alone enough for above sticky session configuration. – Abrupt 18/2, 2021 at 10:17

yes, you might need to enable nginx.ingress.kubernetes.io/affinity – Aloha 19/2, 2021 at 8:33

Recommended topics

Hot tags