
We have a k8s cluster with an ingress controller (nginx version: nginx/1.17.8, ingress: rke2-ingress-nginx:1.36.301) with 4 replicas (one per worker).

To improve performance and be able to reuse the session between many replicas, I am trying to activate the ssl_session_cache & tickets.

The ingress configmap has the following data block:


    ssl-session-cache-size: 100m
    ssl-session-tickets: "true"
    ssl-session-timeout: 1440m
    ssl-protocols: "TLSv1.2"
    ssl-session-ticket-key: "RESULT OF openssl rand 80 | openssl enc -A -base64"

When I decrease the replica count to 1, I get a correct handshake and I can reuse the ticket in further requests without a handshake.

When I increase the replica count to > 1 and send the session ticket in the second (third, fourth...) request (round-robin), I get a new ticket from the server each time, including a full handshake. So session resumption doesn't work.

Configmap auto-update is working, each replica has the same nginx.conf and all the replicas have the same /etc/nginx/tickets.key

The ingress controller pod logs show no issues while updating the configmap:

    I0929 13:56:50.165135 8 controller.go:137] Configuration changes detected, backend reload required.
    I0929 13:56:50.267572 8 controller.go:153] Backend successfully reloaded.

Restarting all ingress-pods after updating the configmap also doesn't help.

Result of the configmap in nginx.conf:

        ssl_protocols TLSv1.2;

        ssl_early_data off;

        # turn on session caching to drastically improve performance

        ssl_session_cache builtin:1000 shared:SSL:100m;
        ssl_session_timeout 1440m;

        # allow configuring ssl session tickets
        ssl_session_tickets on;

        ssl_session_ticket_key /etc/nginx/tickets.key;

Thanks!
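A diagnostic for the setup described in the question, added here as an example and not part of the original post: it checks that the base64 `ssl-session-ticket-key` value decodes to a size nginx accepts, groups replicas by a fingerprint of their `/etc/nginx/tickets.key`, and checks whether a returned ticket was issued under the expected key. The pod names, key bytes and ticket are constructed, and the layout (first 16 bytes of both the key file and the ticket are the key name) is an assumption about the nginx/OpenSSL ticket format.

```python
import base64
import hashlib

VALID_SIZES = (48, 80)  # key file sizes nginx accepts for ssl_session_ticket_key
NAME_LEN = 16           # assumption: leading 16 bytes are the ticket key name


def decode_ticket_key(b64_value: str) -> bytes:
    """Decode the ConfigMap value and reject sizes nginx would not load."""
    key = base64.b64decode(b64_value, validate=True)
    if len(key) not in VALID_SIZES:
        raise ValueError(f"ticket key is {len(key)} bytes, expected 48 or 80")
    return key


def fingerprint(key: bytes) -> str:
    """SHA-256 of the key, so replicas can be compared without showing the key."""
    return hashlib.sha256(key).hexdigest()


def group_replicas(key_files: dict) -> dict:
    """Map fingerprint -> pods holding that key; more than one group means drift."""
    groups = {}
    for pod, raw in sorted(key_files.items()):
        groups.setdefault(fingerprint(raw), []).append(pod)
    return groups


def ticket_uses_key(ticket: bytes, key: bytes) -> bool:
    """True if the ticket's leading key name matches the key's name field."""
    return len(ticket) > NAME_LEN and ticket[:NAME_LEN] == key[:NAME_LEN]


# Constructed sample data (not real key material, hypothetical pod names).
SAMPLE_KEY = bytes(range(80))
SAMPLE_B64 = base64.b64encode(SAMPLE_KEY).decode()
OTHER_KEY = bytes(range(1, 81))
SAMPLE_FILES = {"ingress-a": SAMPLE_KEY, "ingress-b": SAMPLE_KEY, "ingress-c": OTHER_KEY}
SAMPLE_TICKET = SAMPLE_KEY[:16] + b"\x00" * 16 + b"\xaa" * 96  # name | IV | body

if __name__ == "__main__":
    key = decode_ticket_key(SAMPLE_B64)
    print("configmap key fingerprint:", fingerprint(key))
    for fp, pods in group_replicas(SAMPLE_FILES).items():
        print(fp[:16], pods)
    print("ticket issued under configmap key:", ticket_uses_key(SAMPLE_TICKET, key))
```
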
