1

We´re using an haproxy ingress in our kuberntes cluster with cookie affinity for sticky session handling.

The ingress configuration like this:

ingress.kubernetes.io/affinity: cookie
ingress.kubernetes.io/session-cookie-keywords: indirect nocache httponly attr Max-Age=3600
ingress.kubernetes.io/session-cookie-name: IngressCookie

We expected the cookie´s lifetime to be extended after each request/response but this is not the case. We´re only receiving the cookie once (for the first request) for given Max-Age period.

Can this behavior be changed?

As a workaround we removed the Max-Age attribute - now the cookie lives as long as the client-session (e.g. browser instance is active). But this could lead to prevent redeploying/updating the pods in cluster as we´re also using drain-support feature (and active clients could reach the same pod again if the client-session is still active).

Jan Ziegler
  • 106
  • 1
  • 4
  • didn't understand your actual concern. drain-support will only add terminating pods in the list of servers, weight zero so new requests won't use them, and this will not prevent the pod to be removed due to a rolling update. in fact you should configure container's preStop handler to prevent the pod terminate sooner than you'd expect. – Joao Morais Nov 04 '21 at 10:51
  • Hi @JoaoMorais, my concern was not too much about drain-support. We already implemented our own preStop handler. This is working. Anyway it would be helpful, if the affinity cookie´s lifetime would not depend on the client session but on a configured period of time which is extended on client activity and expires (after the configuried period of time) on client inactivity. But this seems not to be possible. – Jan Ziegler Nov 05 '21 at 15:11
  • 1
    Maybe `MaxIdle` does what you need? Doc [here](http://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-cookie) – Joao Morais Nov 06 '21 at 23:49
  • @JoaoMorais Thank you, that one looks good! – Jan Ziegler Nov 08 '21 at 20:51

0 Answers0