All Products
Search

This Product

    :How Do I Perform Session Persistence for a Kubernetes Service?

    Document Center

    :How Do I Perform Session Persistence for a Kubernetes Service?

    Last Updated:Jul 30, 2021

    Problem description

    The session persistence of a Kubernetes service is configured based on the client IP address at Layer 4. When a Server Load Balancer (SLB) listener is used at Layer 7, session persistence can be performed only between a client and the backend Elastic Compute Service (ECS) instance of the SLB instance. Session persistence cannot be performed between the ECS instance and a pod. This document describes how to perform session persistence between an ECS instance and a pod.

    Solution

    In this example, session persistence is configured for a service where an SLB instance is deployed. The image address and IP address in this example are configured in the test environment. Configure the image address and IP address based on your actual environment.

    Test whether session persistence is normal

    1. Use two pods that return different results to clarify the results. In addition, add labels for two deployments so that one service can be associated with the two pods. The following sample code provides an example. To test session persistence, request a resource path. To this end, an NGINX application is deployed in one pod. This pod returns an NGINX page when a request is received. The other pod returns a 404 error message when a request is received.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        labels:
          app: nginx
        name: nginx
      spec:
        progressDeadlineSeconds: 600
        replicas: 1
        revisionHistoryLimit: 10
        selector:
          matchLabels:
            app: nginx
        strategy:
          rollingUpdate:
            maxSurge: 25%
            maxUnavailable: 25%
          type: RollingUpdate
        template:
          metadata:
            labels:
              app: nginx
          spec:
            affinity: {}
            containers:
              - env:
                  - name: aliyun_logs_catalina
                image: 'nginx:latest'
                imagePullPolicy: Always
                name: nginx
                resources:
                  requests:
                    cpu: 250m
                    memory: 512Mi
                terminationMessagePath: /dev/termination-log
                terminationMessagePolicy: File
            dnsPolicy: ClusterFirst
            restartPolicy: Always
            schedulerName: default-scheduler
            securityContext: {}
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        labels:
          app: nginx
        name: web
      spec:
        progressDeadlineSeconds: 600
        replicas: 1
        revisionHistoryLimit: 10
        selector:
          matchLabels:
            app: nginx
        strategy:
          rollingUpdate:
            maxSurge: 25%
            maxUnavailable: 25%
          type: RollingUpdate
        template:
          metadata:
            labels:
              app: nginx
          spec:
            containers:
              - image: 'registry-XXX/go-web:latest'
                imagePullPolicy: Always
                name: web
                resources:
                  requests:
                    cpu: 250m
                    memory: 512Mi
                terminationMessagePath: /dev/termination-log
                terminationMessagePolicy: File
            dnsPolicy: ClusterFirst
            restartPolicy: Always
            schedulerName: default-scheduler
            securityContext: {}
    2. Create a service based on the following configurations: 
      apiVersion: v1
      kind: Service
      metadata:
        name: session1
        namespace: default
      spec:
        clusterIP: 10.XX.XX.217
        ports:
        - port: 80
          protocol: TCP
          targetPort: 80
        selector:
          app: nginx
        type: ClusterIP
    3. Connect to a Container Service for Kubernetes (ACK) cluster. Run the following command on the same client multiple times to confirm that different results are returned. Different results indicate that no session persistence is performed. 
      curl http://[$Cluster_IP]
      Note: [$Cluster_IP] is the value of the clusterIP parameter in Step 2.
      The following figure shows the returned results.

    Configure session persistence

    1. To perform session persistence for a service where an SLB instance is deployed, you must add the following configurations: 
      apiVersion: v1
      kind: Service
      metadata:
        annotations:
          service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: slb.s1.small # allow SLB to listen for http or https. It must be TCP. By default, it is TCP.
          service.beta.kubernetes.io/alibaba-cloud-loadbalancer-persistence-timeout: '1800' # TCP session persistence must be enabled for the SLB instance.
        name: session1
        namespace: default
      spec:
        clusterIP: 10.68.121.217
        externalTrafficPolicy: Local  # Local.
        healthCheckNodePort: 30595
        ports:
        - nodePort: 30389
          port: 80
          protocol: TCP
          targetPort: 80
        selector:
          app: nginx
          sessionAffinity: ClientIP   # this field must be set to ClientIP.
          sessionAffinityConfig:
          clientIP:
          timeoutSeconds: 10800
        type: ClusterIP
    2. Check whether the same results are returned by performing Step 3 in the Test whether session persistence is normal section. The following figure shows the returned results.

    Application scope

    • Clusters of ACK Proprietary Edition
    • Clusters of ACK Managed Edition