1

I am using ingress affinity session in order to keep communication between a client and a pod. Because sticky session could cause some overloading to a pod (the clients keep same pod).

I'm looking for best practices about the parameter nginx.ingress.kubernetes.io/session-cookie-max-age.

The example value is 172 800 (second) which mean 48 hours. Why? It's a huge duration, is it possible to set up it to 30 minutes? By the way, what happens when the application session has expired? Does the ingress rebalance the client or keep the same pod?

Wytrzymały Wiktor
  • 11,492
  • 5
  • 29
  • 37
julus
  • 431
  • 1
  • 5
  • 14
  • Which version of Kubernetes did you use and how did you set up the cluster? Did you use bare metal installation or some cloud provider? – kkopczak Feb 07 '22 at 17:04
  • Did you try to change the values of session-cookie-expires and session-cookie-max-age? – kkopczak Feb 15 '22 at 15:58

1 Answers1

0

This is an example documentation, you don't need to use the exact values provided in it.

You can set it up to any value you want, however setting up max-age and expires to too short periods of time, backend will be rebalanced too often. This the answer to another question - yes, ingress will rebalance the client.

There are two optional attributes you can use related to its age:

  • Expires=<date>

Indicates the maximum lifetime of the cookie as an HTTP-date timestamp. In case of ingress, it's set up as a number.

  • Max-Age=<number>

Indicates the number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately.

Important! If both Expires and Max-Age are set, Max-Age has precedence.

Below is a working example with cookie max-age and expires set to 30 minutes:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-cookie-test
  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "test-cookie"
    nginx.ingress.kubernetes.io/session-cookie-expires: "1800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "1800"
spec:
  ingressClassName: nginx
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: service-name
            port:
              number: 80

And checking that it works performing a curl request (removed unnecessary details):

$ curl -I example.com
HTTP/1.1 200 OK
Date: Mon, 14 Mar 2022 13:14:42 GMT
Set-Cookie: test-cookie=1647263683.046.104.525797|ad50b946deebe30052b8573dcb9a2339; Expires=Mon, 14-Mar-22 13:44:42 GMT; Max-Age=1800; Path=/; HttpOnly
moonkotte
  • 3,661
  • 2
  • 10
  • 25