-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Description
Bug Report
What is the issue?
We have an linkerd-sidecar injected Ingress Controller (same behaviour with as well nginx as haproxy, linkerd related setup performed s.t. https://linkerd.io/2/tasks/using-ingress/) which terminates HTTPS connections. The connections to some of the upstream services are HTTPS as well, hence we use the annotation "haproxy.com/server-ssl: true" or "nginx.ingress.kubernetes.io/backend-protocol: HTTPS" for these. Since our services are stateful, we also use "haproxy.com/cookie-persistence: route" or "nginx.ingress.kubernetes.io/affinity: cookie" to enable cookie based session stickyness. The problem is, this only works for services with TLS, not for plaintext services. Here the cookie is set, but requests are forwarded to all the running pods.
How can it be reproduced?
Deployment with replicas > 1; Ingress Controller with Linkerd Sidecars; Ingress with configured session affinity
linkerd check output
All linkerd checks passed
Environment
- Kubernetes Version: v1.17.6 and v1.18.6
- Cluster Environment: Rancher RKE created
- Host OS: CentOS 7
- Linkerd version: edge-20.6.4 and edge-20.9.1
Thanks in advance