vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/cce/umn/cce_bestpractice_00231.html
Dong, Qiu Jian 86fb05065f CCE UMN for 24.2.0 version -20240428 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-06-10 08:19:07 +00:00

467 lines
33 KiB
HTML
Raw Blame History

<a name="cce_bestpractice_00231"></a><a name="cce_bestpractice_00231"></a>
<h1 class="topictitle1">Implementing Sticky Session Through Load Balancing</h1>
<div id="body8662426"><div class="section" id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_section89688321407"><h4 class="sectiontitle">Concepts</h4><p id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_p13844165318404">Sticky sessions ensure continuity and consistency when you access applications. If a load balancer is deployed between a client and backend servers, connections may be forwarded to different servers for processing. Sticky sessions can resolve this issue. After sticky session is enabled, requests from the same client will be continuously distributed to the same backend server through load balancing.</p>
<p id="cce_bestpractice_00231__p14197131311178">For example, in most online systems that require user identity authentication, a user needs to interact with the server for multiple times to complete a session. These interactions require continuity. If sticky session is not configured, the load balancer may allocate certain requests to different backend servers. Since user identity has not been authenticated on other backend servers, interaction exceptions such as a user login failure may occur.</p>
<p id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_p68441453144013">Therefore, select a proper sticky session type based on the application environment.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_bestpractice_00231__table16883175618144" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Sticky session types</caption><thead align="left"><tr id="cce_bestpractice_00231__row14883165617145"><th align="left" class="cellrowborder" valign="top" width="13.36%" id="mcps1.3.1.5.2.6.1.1"><p id="cce_bestpractice_00231__p14552258111418">OSI Layer</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.14%" id="mcps1.3.1.5.2.6.1.2"><p id="cce_bestpractice_00231__p4552175813143">Listener Protocol and Networking</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="29.5%" id="mcps1.3.1.5.2.6.1.3"><p id="cce_bestpractice_00231__p455235811411">Sticky Session Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.1.5.2.6.1.4"><p id="cce_bestpractice_00231__p95521058101410">Stickiness Duration</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.1.5.2.6.1.5"><p id="cce_bestpractice_00231__p1955210585143">Scenarios Where Sticky Sessions Become Invalid</p>
</th>
</tr>
</thead>
<tbody><tr id="cce_bestpractice_00231__row11883135614148"><td class="cellrowborder" valign="top" width="13.36%" headers="mcps1.3.1.5.2.6.1.1 "><p id="cce_bestpractice_00231__p85528589144">Layer 4</p>
</td>
<td class="cellrowborder" valign="top" width="17.14%" headers="mcps1.3.1.5.2.6.1.2 "><p id="cce_bestpractice_00231__p95521258161414">TCP- or UDP-compliant Services</p>
</td>
<td class="cellrowborder" valign="top" width="29.5%" headers="mcps1.3.1.5.2.6.1.3 "><p id="cce_bestpractice_00231__p5552195815146"><strong id="cce_bestpractice_00231__b103111947846">Source IP address</strong>: The source IP address of each request is calculated using the consistent hashing algorithm to obtain a unique hashing key, and all backend servers are numbered. The system allocates the client to a particular server based on the generated key. This allows requests from the same IP address are forwarded to the same backend server.</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.1.5.2.6.1.4 "><ul id="cce_bestpractice_00231__ul1955219580148"><li id="cce_bestpractice_00231__li7552458121417">Default: 20 minutes</li><li id="cce_bestpractice_00231__li1655314580141">Maximum: 60 minutes</li><li id="cce_bestpractice_00231__li155532583145">Range: 1 minute to 60 minutes</li></ul>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.1.5.2.6.1.5 "><ul id="cce_bestpractice_00231__ul175534588142"><li id="cce_bestpractice_00231__li055325814147">Source IP addresses of the clients have changed.</li><li id="cce_bestpractice_00231__li15531658181418">Requests from the clients exceed the session stickiness duration.</li></ul>
</td>
</tr>
<tr id="cce_bestpractice_00231__row08831156151415"><td class="cellrowborder" valign="top" width="13.36%" headers="mcps1.3.1.5.2.6.1.1 "><p id="cce_bestpractice_00231__p9553558121420">Layer 7</p>
</td>
<td class="cellrowborder" valign="top" width="17.14%" headers="mcps1.3.1.5.2.6.1.2 "><p id="cce_bestpractice_00231__p6553115861416">HTTP- or HTTPS-compliant ingresses</p>
</td>
<td class="cellrowborder" valign="top" width="29.5%" headers="mcps1.3.1.5.2.6.1.3 "><ul id="cce_bestpractice_00231__ul05534587145"><li id="cce_bestpractice_00231__li855320588144"><strong id="cce_bestpractice_00231__b9432146511">Load balancer cookie</strong>: The load balancer generates a cookie after receiving a request from the client. All subsequent requests with the cookie will be routed to the same backend server.</li><li id="cce_bestpractice_00231__li13553205801413"><strong id="cce_bestpractice_00231__b19963481881">Application cookie</strong>: The application deployed on the backend server generates a cookie after receiving the first request from the client. All subsequent requests with the same cookie will be routed to the same backend server.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.1.5.2.6.1.4 "><ul id="cce_bestpractice_00231__ul45531258201420"><li id="cce_bestpractice_00231__li1555375871412">Default: 20 minutes</li><li id="cce_bestpractice_00231__li1553155871413">Maximum: 1440 minutes</li><li id="cce_bestpractice_00231__li13553658161411">Range: 1 minute to 1440 minutes</li></ul>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.1.5.2.6.1.5 "><ul id="cce_bestpractice_00231__ul17553145841416"><li id="cce_bestpractice_00231__li165531458111416">If requests sent by the clients do not contain a cookie, sticky sessions will not take effect.</li><li id="cce_bestpractice_00231__li1155311584149">Requests from the clients exceed the session stickiness duration.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="cce_bestpractice_00231__note1465725842820"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_bestpractice_00231__p1165795842820">When creating a load balancer, configure sticky sessions by setting <strong id="cce_bestpractice_00231__b1358719443113">kubernetes.io/elb.lb-algorithm</strong> to <strong id="cce_bestpractice_00231__b567022017125">ROUND_ROBIN</strong> or <strong id="cce_bestpractice_00231__b9575193719121">kubernetes.io/elb.lb-algorithm</strong> to <strong id="cce_bestpractice_00231__b783944781219">LEAST_CONNECTIONS</strong>. If you set <strong id="cce_bestpractice_00231__b206833430130">kubernetes.io/elb.lb-algorithm</strong> is to <strong id="cce_bestpractice_00231__b137807554139">SOURCE_IP</strong>, source IP address-based sticky sessions are supported. In this case, you do not need to configure sticky sessions again.</p>
</div></div>
</div>
<div class="section" id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_section94681829101"><h4 class="sectiontitle">Layer 4 Sticky Sessions for Services</h4><p id="cce_bestpractice_00231__p166814116389">In Layer 4 mode, source IP address-based sticky sessions can be enabled, where hash routing is performed based on the client IP address.</p>
</div>
<div class="section" id="cce_bestpractice_00231__section18774182114516"><div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><h4 class="sectiontitle">Enabling Layer 4 Sticky Session in a CCE Standard Cluster</h4></div><div class="dropdowncontext"><div class="p" id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_p17432131472">In a CCE standard cluster, to enable source IP address-based sticky session for a Service, ensure the following conditions are met:<ol id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_ol146719359478"><li id="cce_bestpractice_00231__li968014117386"><strong id="cce_bestpractice_00231__b934719564717">Service Affinity</strong> of the Service must be set to <strong id="cce_bestpractice_00231__b03475584718">Node-level</strong>, where the <strong id="cce_bestpractice_00231__b6347175134720">externalTrafficPolicy</strong> value of the Service must be <strong id="cce_bestpractice_00231__b434819554719">Local</strong>.</li><li id="cce_bestpractice_00231__li17209113813914">Anti-affinity has been enabled on the backend applications of the Service to prevent all pods from being deployed on the same node.</li></ol>
</div>
<p id="cce_bestpractice_00231__p64221636173611"><strong id="cce_bestpractice_00231__b174854209162">Procedure</strong></p>
<ol id="cce_bestpractice_00231__ol1583613073618"><li id="cce_bestpractice_00231__li54221136163614"><span>Create an Nginx workload.</span><p><div class="p" id="cce_bestpractice_00231__p164221236173617">Set the number of pods to 3 and configure podAntiAffinity.<pre class="screen" id="cce_bestpractice_00231__screen1042215368362">kind: Deployment
apiVersion: apps/v1
metadata:
name: nginx
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: container-0
image: 'nginx:perl'
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 250m
memory: 512Mi
imagePullSecrets:
- name: default-secret
affinity:
podAntiAffinity: # Pod anti-affinity
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- nginx
topologyKey: kubernetes.io/hostname</pre>
</div>
</p></li><li id="cce_bestpractice_00231__li10426054193614"><span>Create a LoadBalancer Service, for example, using an existing load balancer. The following shows an example YAML file for configuring source IP address-based sticky sessions:</span><p><pre class="screen" id="cce_bestpractice_00231__screen14193018147">apiVersion: v1
kind: Service
metadata:
name: svc-example
namespace: default
annotations:
kubernetes.io/elb.class: union
kubernetes.io/elb.id: *****
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN # Weighted round robin allocation policy
kubernetes.io/elb.session-affinity-mode: SOURCE_IP # Enable source IP address-based sticky session.
spec:
selector:
app: nginx
externalTrafficPolicy: Local # Node level Service affinity
ports:
- name: cce-service-0
targetPort: 80
nodePort: 32633
port: 80
protocol: TCP
type: LoadBalancer</pre>
</p></li><li class="msonormal" id="cce_bestpractice_00231__li16579124633810"><span>Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.</span></li></ol>
</div></div></div>
<div class="section" id="cce_bestpractice_00231__section157301511124915"><div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><h4 class="sectiontitle">Enabling Layer 4 Sticky Session in a CCE Turbo Cluster</h4></div><div class="dropdowncontext"><p id="cce_bestpractice_00231__p98950242614">In a CCE Turbo cluster, enabling source IP address-based sticky session for a Service relies on the load balancer type.</p>
<ul id="cce_bestpractice_00231__ul1267214278620"><li id="cce_bestpractice_00231__li111513504311">When a dedicated load balancer is used, passthrough networking is allowed between the load balancer and pods, and pods function as the backend server group of the load balancer. Therefore, you do not need to configure Service affinity or application anti-affinity when enabling source IP address-based sticky session for the Service.</li><li id="cce_bestpractice_00231__li1141694312611">When a shared load balancer is used, to enable source IP address-based sticky session for a Service, ensure the following conditions are met:<ol id="cce_bestpractice_00231__ol8634207573"><li id="cce_bestpractice_00231__li26341871574"><strong id="cce_bestpractice_00231__b1370252513461">Service Affinity</strong> of the Service must be set to <strong id="cce_bestpractice_00231__b137028254464">Node-level</strong>, where the <strong id="cce_bestpractice_00231__b47021425114611">externalTrafficPolicy</strong> value of the Service must be <strong id="cce_bestpractice_00231__b157021525154616">Local</strong>.</li><li id="cce_bestpractice_00231__li146341879716">Anti-affinity has been enabled on the backend applications of the Service to prevent all pods from being deployed on the same node.</li></ol>
</li></ul>
<p id="cce_bestpractice_00231__p480281932720"><strong id="cce_bestpractice_00231__b114869203165">Procedure</strong></p>
<ul id="cce_bestpractice_00231__ul984771992718"><li id="cce_bestpractice_00231__li384711912715"><div xmlns:exsl="http://exslt.org/common" class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><a><span><strong id="cce_bestpractice_00231__b1516904864716">For dedicated load balancers</strong></span></a></div><div class="dropdowncontext"><span><div class="p" id="cce_bestpractice_00231__p17847619202717">The following shows an example YAML file for configuring source IP address-based sticky sessions for a Service that uses an existing load balancer:<pre class="screen" id="cce_bestpractice_00231__screen1484781911276">apiVersion: v1
kind: Service
metadata:
name: svc-example
namespace: default
annotations:
kubernetes.io/elb.class: performance
kubernetes.io/elb.id: *****
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN # Weighted round robin allocation policy
kubernetes.io/elb.session-affinity-mode: SOURCE_IP # Enable source IP address-based sticky session.
spec:
selector:
app: nginx
externalTrafficPolicy: Local # In CCE Turbo clusters, Service affinity does not need to be configured if a dedicated load balancer is used.
ports:
- name: cce-service-0
targetPort: 80
nodePort: 32633
port: 80
protocol: TCP
type: LoadBalancer</pre>
</div>
</span></div></div></li><li id="cce_bestpractice_00231__li384718195272"><div xmlns:exsl="http://exslt.org/common" class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><a><span><strong id="cce_bestpractice_00231__b1492465634710">For shared load balancers</strong></span></a></div><div class="dropdowncontext"><span><ol id="cce_bestpractice_00231__ol98471919192718"><li id="cce_bestpractice_00231__li13775154110502">Create an Nginx workload.<div class="p" id="cce_bestpractice_00231__cce_bestpractice_00231_p164221236173617"><a name="cce_bestpractice_00231__li13775154110502"></a><a name="li13775154110502"></a>Set the number of pods to 3 and configure podAntiAffinity.<pre class="screen" id="cce_bestpractice_00231__cce_bestpractice_00231_screen1042215368362">kind: Deployment
apiVersion: apps/v1
metadata:
name: nginx
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: container-0
image: 'nginx:perl'
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 250m
memory: 512Mi
imagePullSecrets:
- name: default-secret
affinity:
podAntiAffinity: # Pod anti-affinity
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- nginx
topologyKey: kubernetes.io/hostname</pre>
</div>
</li><li id="cce_bestpractice_00231__li17847519162711">Create a LoadBalancer Service. The following shows an example YAML file for configuring source IP address-based sticky sessions for a Service that uses an existing load balancer:<pre class="screen" id="cce_bestpractice_00231__screen20847171952718">apiVersion: v1
kind: Service
metadata:
name: svc-example
namespace: default
annotations:
kubernetes.io/elb.class: union
kubernetes.io/elb.id: *****
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN # Weighted round robin allocation policy
kubernetes.io/elb.session-affinity-mode: SOURCE_IP # Enable source IP address-based sticky session.
spec:
selector:
app: nginx
externalTrafficPolicy: Local # Node level Service affinity
ports:
- name: cce-service-0
targetPort: 80
nodePort: 32633
port: 80
protocol: TCP
type: LoadBalancer</pre>
</li><li class="msonormal" id="cce_bestpractice_00231__li17847161917277">Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.</li></ol>
</span></div></div></li></ul>
</div></div></div>
<div class="section" id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_section7684169135614"><h4 class="sectiontitle">Layer 7 Sticky Sessions for Ingresses</h4><p id="cce_bestpractice_00231__p468411161112">In Layer 7 mode, sticky sessions can be enabled using HTTP cookies or application cookies.</p>
</div>
<div class="section" id="cce_bestpractice_00231__section1545510243112"><div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><h4 class="sectiontitle">Enabling Layer 7 Sticky Session in a CCE Standard Cluster</h4></div><div class="dropdowncontext"><p id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_p819192517506">To enable cookie-based sticky session on an ingress, ensure the following conditions are met:</p>
<ol id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_ol13704202116515"><li id="cce_bestpractice_00231__li1327633572913"><strong id="cce_bestpractice_00231__b13948141534718">Service Affinity</strong> of the ingress must be set to <strong id="cce_bestpractice_00231__b1494821517471">Node-level</strong>, where the <strong id="cce_bestpractice_00231__b5948191517477">externalTrafficPolicy</strong> value of the Service must be <strong id="cce_bestpractice_00231__b119485158479">Local</strong>.</li><li id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_li1370462195119">Anti-affinity must be enabled for the ingress workload to prevent all pods from being deployed on the same node.</li></ol>
<p id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_p514014531516"><strong id="cce_bestpractice_00231__b20486162051620">Procedure</strong></p>
<ol id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_ol12391642125610"><li id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_li19541156676"><span>Create an Nginx workload.</span><p><div class="p" id="cce_bestpractice_00231__cce_bestpractice_00231_p164221236173617_1">Set the number of pods to 3 and configure podAntiAffinity.<pre class="screen" id="cce_bestpractice_00231__cce_bestpractice_00231_screen1042215368362_1">kind: Deployment
apiVersion: apps/v1
metadata:
name: nginx
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: container-0
image: 'nginx:perl'
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 250m
memory: 512Mi
imagePullSecrets:
- name: default-secret
affinity:
podAntiAffinity: # Pod anti-affinity
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- nginx
topologyKey: kubernetes.io/hostname</pre>
</div>
</p></li><li id="cce_bestpractice_00231__li17131113214555"><span>Create a Service for the workload. This section uses a NodePort Service as an example.</span><p><div class="p" id="cce_bestpractice_00231__p187863245518">Configure sticky sessions during the creation of a Service. An ingress can access multiple Services, and each Service can have different sticky sessions.<pre class="screen" id="cce_bestpractice_00231__screen7998134412298">apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
annotations:
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN # Weighted round robin allocation policy
kubernetes.io/elb.session-affinity-mode: HTTP_COOKIE # HTTP cookie
kubernetes.io/elb.session-affinity-option: '{"persistence_timeout":"1440"}' # Session stickiness duration, in minutes. The value ranges from 1 to 1440.
spec:
selector:
app: nginx
ports:
- name: cce-service-0
protocol: TCP
port: 80
targetPort: 80
nodePort: 32633 # Custom node port
type: NodePort
externalTrafficPolicy: Local # Node level Service affinity</pre>
</div>
<p id="cce_bestpractice_00231__p8998184442914">You can also select <strong id="cce_bestpractice_00231__b9788104453012">APP_COOKIE</strong>.</p>
<pre class="screen" id="cce_bestpractice_00231__screen15998104442918">apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
annotations:
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN # Weighted round robin allocation policy
kubernetes.io/elb.session-affinity-mode: APP_COOKIE # Select <strong id="cce_bestpractice_00231__b91151110132816">APP_COOKIE</strong>.
kubernetes.io/elb.session-affinity-option: '{"app_cookie_name":"test"}' # Application cookie name
...</pre>
</p></li><li id="cce_bestpractice_00231__li1499116492297"><span>Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_10_0252.html" target="_blank" rel="noopener noreferrer">Using kubectl to Create an ELB Ingress</a>.</span><p><pre class="screen" id="cce_bestpractice_00231__screen1790322712361">apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-test
namespace: default
annotations:
kubernetes.io/elb.class: union
kubernetes.io/elb.port: '80'
kubernetes.io/elb.id: *****
spec:
rules:
- host: 'www.example.com'
http:
paths:
- path: '/'
backend:
service:
name: nginx # Service name
port:
number: 80
property:
ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
pathType: ImplementationSpecific
ingressClassName: cce</pre>
</p></li><li class="msonormal" id="cce_bestpractice_00231__en-us_topic_0226102205_en-us_topic_0179003349_li139184205612"><span>Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.</span></li></ol>
</div></div></div>
<div class="section" id="cce_bestpractice_00231__section1176317569577"><div class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><h4 class="sectiontitle">Enabling Layer 7 Sticky Session in a CCE Turbo Cluster</h4></div><div class="dropdowncontext"><p id="cce_bestpractice_00231__p49257405816">Enable cookie-based sticky session on the ingress.</p>
<ul id="cce_bestpractice_00231__ul164141535185811"><li id="cce_bestpractice_00231__li1070228144111">When a dedicated load balancer is used, passthrough networking is allowed between the load balancer and pods, and pods function as the backend server group of the load balancer. Therefore, you do not need to configure Service affinity or application anti-affinity when enabling cookie-based sticky session for the ingress.</li><li id="cce_bestpractice_00231__li17414183585816">When a shared load balancer is used, to enable cookie-based sticky session for an ingress, ensure the following conditions are met:<ol id="cce_bestpractice_00231__ol189752045183419"><li id="cce_bestpractice_00231__li097518455345"><strong id="cce_bestpractice_00231__b12401351803">Service Affinity</strong> of the ingress must be set to <strong id="cce_bestpractice_00231__b14240935401">Node-level</strong>, where the <strong id="cce_bestpractice_00231__b1424018351708">externalTrafficPolicy</strong> value of the Service must be <strong id="cce_bestpractice_00231__b172401835901">Local</strong>.</li><li id="cce_bestpractice_00231__li11975194523414">Anti-affinity must be enabled for the ingress workload to prevent all pods from being deployed on the same node.</li></ol>
</li></ul>
<p id="cce_bestpractice_00231__p1092517445819"><strong id="cce_bestpractice_00231__b19943171811615">Procedure</strong></p>
<ul id="cce_bestpractice_00231__ul4790763592"><li id="cce_bestpractice_00231__li13875141015017"><div xmlns:exsl="http://exslt.org/common" class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><a><span><strong id="cce_bestpractice_00231__b0974197712">For dedicated load balancers</strong></span></a></div><div class="dropdowncontext"><span><ol id="cce_bestpractice_00231__ol14282115018017"><li id="cce_bestpractice_00231__li15282195013013">Create a Service for the workload. In a CCE Turbo cluster, the ingresses that use a dedicated load balancer must interconnect with ClusterIP Services.<div class="p" id="cce_bestpractice_00231__p842193818019"><a name="cce_bestpractice_00231__li15282195013013"></a><a name="li15282195013013"></a>Configure sticky sessions during the creation of a Service. An ingress can access multiple Services, and each Service can have different sticky sessions.<pre class="screen" id="cce_bestpractice_00231__screen642438503">apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
annotations:
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN # Weighted round robin allocation policy
kubernetes.io/elb.session-affinity-mode: HTTP_COOKIE # HTTP cookie
kubernetes.io/elb.session-affinity-option: '{"persistence_timeout":"1440"}' # Session stickiness duration, in minutes. The value ranges from 1 to 1440.
spec:
selector:
app: nginx
ports:
- name: cce-service-0
protocol: TCP
port: 80
targetPort: 80
nodePort: 0
type: ClusterIP</pre>
</div>
<p id="cce_bestpractice_00231__p74220386019">You can also select <strong id="cce_bestpractice_00231__b456216636">APP_COOKIE</strong>.</p>
<pre class="screen" id="cce_bestpractice_00231__screen1342193812019">apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
annotations:
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN # Weighted round robin allocation policy
kubernetes.io/elb.session-affinity-mode: APP_COOKIE # Select <strong id="cce_bestpractice_00231__b166794122037">APP_COOKIE</strong>.
kubernetes.io/elb.session-affinity-option: '{"app_cookie_name":"test"}' # Application cookie name
...</pre>
</li><li id="cce_bestpractice_00231__li82821350904">Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_10_0252.html" target="_blank" rel="noopener noreferrer">Using kubectl to Create an ELB Ingress</a>.<pre class="screen" id="cce_bestpractice_00231__screen642153817011">apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-test
namespace: default
annotations:
kubernetes.io/elb.class: performance
kubernetes.io/elb.port: '80'
kubernetes.io/elb.id: *****
spec:
rules:
- host: 'www.example.com'
http:
paths:
- path: '/'
backend:
service:
name: nginx # Service name
port:
number: 80
property:
ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
pathType: ImplementationSpecific
ingressClassName: cce</pre>
</li><li class="msonormal" id="cce_bestpractice_00231__li62823508013">Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.</li></ol>
</span></div></div></li><li id="cce_bestpractice_00231__li1379016105917"><div xmlns:exsl="http://exslt.org/common" class="dropdownexpand"><div class="dropdowntitle" onclick="ExpandorCollapseNode(this)"><a><span><strong id="cce_bestpractice_00231__b11923159114712">For shared load balancers</strong></span></a></div><div class="dropdowncontext"><span><ol id="cce_bestpractice_00231__ol16761114205915"><li id="cce_bestpractice_00231__li976171414594">Create an Nginx workload.<div class="p" id="cce_bestpractice_00231__cce_bestpractice_00231_p164221236173617_2"><a name="cce_bestpractice_00231__li976171414594"></a><a name="li976171414594"></a>Set the number of pods to 3 and configure podAntiAffinity.<pre class="screen" id="cce_bestpractice_00231__cce_bestpractice_00231_screen1042215368362_2">kind: Deployment
apiVersion: apps/v1
metadata:
name: nginx
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: container-0
image: 'nginx:perl'
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 250m
memory: 512Mi
imagePullSecrets:
- name: default-secret
affinity:
podAntiAffinity: # Pod anti-affinity
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- nginx
topologyKey: kubernetes.io/hostname</pre>
</div>
</li><li id="cce_bestpractice_00231__li876914105920">Create a Service for the workload. In a CCE Turbo cluster, the ingresses that use a shared load balancer must interconnect with NodePort Services.<div class="p" id="cce_bestpractice_00231__p892513475813"><a name="cce_bestpractice_00231__li876914105920"></a><a name="li876914105920"></a>Configure sticky sessions during the creation of a Service. An ingress can access multiple Services, and each Service can have different sticky sessions.<pre class="screen" id="cce_bestpractice_00231__screen09253405815">apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
annotations:
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN # Weighted round robin allocation policy
kubernetes.io/elb.session-affinity-mode: HTTP_COOKIE # HTTP cookie
kubernetes.io/elb.session-affinity-option: '{"persistence_timeout":"1440"}' # Session stickiness duration, in minutes. The value ranges from 1 to 1440.
spec:
selector:
app: nginx
ports:
- name: cce-service-0
protocol: TCP
port: 80
targetPort: 80
nodePort: 32633 # Custom node port
type: NodePort
externalTrafficPolicy: Local # Node level Service affinity</pre>
</div>
<p id="cce_bestpractice_00231__p1992520495819">You can also select <strong id="cce_bestpractice_00231__b11191694311">APP_COOKIE</strong>.</p>
<pre class="screen" id="cce_bestpractice_00231__screen1992511485819">apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
annotations:
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN # Weighted round robin allocation policy
kubernetes.io/elb.session-affinity-mode: APP_COOKIE # Select <strong id="cce_bestpractice_00231__b1289461819310">APP_COOKIE</strong>.
kubernetes.io/elb.session-affinity-option: '{"app_cookie_name":"test"}' # Application cookie name
...</pre>
</li><li id="cce_bestpractice_00231__li1976181415911">Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_10_0252.html" target="_blank" rel="noopener noreferrer">Using kubectl to Create an ELB Ingress</a>.<pre class="screen" id="cce_bestpractice_00231__screen2092617410589">apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-test
namespace: default
annotations:
kubernetes.io/elb.class: union
kubernetes.io/elb.port: '80'
kubernetes.io/elb.id: *****
spec:
rules:
- host: 'www.example.com'
http:
paths:
- path: '/'
backend:
service:
name: nginx # Service name
port:
number: 80
property:
ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
pathType: ImplementationSpecific
ingressClassName: cce</pre>
</li><li class="msonormal" id="cce_bestpractice_00231__li77621410598">Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.</li></ol>
</span></div></div></li></ul>
</div></div></div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_bestpractice_0052.html">Networking</a></div>
</div>
</div>
View Git Blame Copy Permalink