Ingress session sticky

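This article looks at why a Service's session stickiness cannot be used directly with a Kubernetes Ingress, and shows how to configure session affinity with the Nginx Controller and the Traefik Controller. The Nginx Controller implements cookie-based session persistence through specific annotations, while the Traefik Controller provides a corresponding Kubernetes Ingress configuration.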


service session sticky

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10

ingress

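  • Question: why can't the Service session stickiness shown above be used with an Ingress?
  • Answer: because the ingress controller is configured with the Pod addresses and traffic does not pass through the Service, the Service-level method above has no effect.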

Nginx Controller

https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/

Session affinity can be configured using the following annotations:

| Name | Description | Value |
|---|---|---|
| nginx.ingress.kubernetes.io/affinity | Type of the affinity, set this to cookie to enable session affinity | string (NGINX only supports cookie) |
| nginx.ingress.kubernetes.io/affinity-mode | The affinity mode defines how sticky a session is. Use balanced to redistribute some sessions when scaling pods or persistent for maximum stickiness. | balanced (default) or persistent |
| nginx.ingress.kubernetes.io/session-cookie-name | Name of the cookie that will be created | string (defaults to INGRESSCOOKIE) |
| nginx.ingress.kubernetes.io/session-cookie-path | Path that will be set on the cookie (required if your Ingress paths use regular expressions) | string (defaults to the currently matched path) |
| nginx.ingress.kubernetes.io/session-cookie-samesite | SameSite attribute to apply to the cookie | Browser accepted values are None, Lax, and Strict |
| nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none | Will omit SameSite=None attribute for older browsers which reject the more-recently defined SameSite=None value | "true" or "false" |
| nginx.ingress.kubernetes.io/session-cookie-max-age | Time until the cookie expires, corresponds to the Max-Age cookie directive | number of seconds |
| nginx.ingress.kubernetes.io/session-cookie-expires | Legacy version of the previous annotation for compatibility with older browsers, generates an Expires cookie directive by adding the seconds to the current date | number of seconds |
| nginx.ingress.kubernetes.io/session-cookie-change-on-failure | When set to false nginx ingress will send request to upstream pointed by sticky cookie even if previous attempt failed. When set to true and previous attempt failed, sticky cookie will be changed to point to another upstream. | true or false (defaults to false) |

You can create the example Ingress to test this:

bash-3.2$ less ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"

spec:
  rules:
  - host: stickyingress.example.com
    http:
      paths:
      - backend:
          serviceName: http-svc
          servicePort: 80
        path: /

bash-3.2$ kubectl create -f ingress.yaml

Verification

You can confirm that the Ingress works:

$ kubectl describe ing nginx-test
Name:           nginx-test
Namespace:      default
Address:
Default backend:    default-http-backend:80 (10.180.0.4:8080,10.240.0.2:8080)
Rules:
  Host                          Path    Backends
  ----                          ----    --------
  stickyingress.example.com
                                /        nginx-service:80 (<none>)
Annotations:
  affinity: cookie
  session-cookie-name:      INGRESSCOOKIE
  session-cookie-expires: 172800
  session-cookie-max-age: 172800
Events:
  FirstSeen LastSeen    Count   From                SubObjectPath   Type        Reason  Message
  --------- --------    -----   ----                -------------   --------    ------  -------
  7s        7s      1   {nginx-ingress-controller }         Normal      CREATE  default/nginx-test


$ curl -I http://stickyingress.example.com
HTTP/1.1 200 OK
Server: nginx/1.11.9
Date: Fri, 10 Feb 2017 14:11:12 GMT
Content-Type: text/html
Content-Length: 612
Connection: keep-alive
Set-Cookie: INGRESSCOOKIE=a9907b79b248140b56bb13723f72b67697baac3d; Expires=Sun, 12-Feb-17 14:11:12 GMT; Max-Age=172800; Path=/; HttpOnly
Last-Modified: Tue, 24 Jan 2017 14:02:19 GMT
ETag: "58875e6b-264"
Accept-Ranges: bytes
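
An added example (not from the original post or from the ingress-nginx project): a small Python check that parses the Set-Cookie header from the curl output above and compares it with the annotations printed by kubectl describe. The function names and the EXPECTED dictionary are assumptions made for this illustration.

```python
# Added example: audit the affinity cookie returned by the ingress.
# SAMPLE is the Set-Cookie line from the curl output on this page; EXPECTED
# mirrors the annotations printed by `kubectl describe ing nginx-test`.
SAMPLE = ("Set-Cookie: INGRESSCOOKIE=a9907b79b248140b56bb13723f72b67697baac3d; "
          "Expires=Sun, 12-Feb-17 14:11:12 GMT; Max-Age=172800; Path=/; HttpOnly")
EXPECTED = {"name": "INGRESSCOOKIE", "max_age": 172800}


def parse_set_cookie(header_line):
    """Split one Set-Cookie header into (name, value, attributes)."""
    raw = header_line
    if header_line.lower().startswith("set-cookie:"):
        raw = header_line.split(":", 1)[1]
    parts = [p.strip() for p in raw.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        # Flag attributes (HttpOnly, Secure) carry no value; store True.
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def audit_affinity_cookie(header_line, expected):
    """Return a list of findings; an empty list means nothing to report."""
    name, _, attrs = parse_set_cookie(header_line)
    findings = []
    if name != expected["name"]:
        findings.append(f"cookie name {name!r} != configured {expected['name']!r}")
    if str(attrs.get("max-age")) != str(expected["max_age"]):
        findings.append(f"Max-Age {attrs.get('max-age')!r} != session-cookie-max-age")
    if attrs.get("httponly") is not True:
        findings.append("HttpOnly missing: page scripts can read the cookie")
    if attrs.get("secure") is not True:
        findings.append("Secure missing: cookie is also sent over plain HTTP")
    if "samesite" not in attrs:
        findings.append("SameSite missing: set session-cookie-samesite")
    return findings


if __name__ == "__main__":
    for finding in audit_affinity_cookie(SAMPLE, EXPECTED):
        print("-", finding)
```

Passing the manifest's cookie name "route" as the expected name adds a name-mismatch finding, because the captured output on this page shows INGRESSCOOKIE.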

Traefik Controller

https://docs.traefik.io/routing/providers/kubernetes-ingress/

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: myingress
  annotations:
    traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
    traefik.ingress.kubernetes.io/service.sticky.cookie.name: foobar

spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /bar
            backend:
              serviceName: whoami
              servicePort: 80
          - path: /foo
            backend:
              serviceName: whoami
              servicePort: 80