Bug Report

What is the issue?

We have an linkerd-sidecar injected Ingress Controller (same behaviour with as well nginx as haproxy, linkerd related setup performed s.t. https://linkerd.io/2/tasks/using-ingress/) which terminates HTTPS connections. The connections to some of the upstream services are HTTPS as well, hence we use the annotation "haproxy.com/server-ssl: true" or "nginx.ingress.kubernetes.io/backend-protocol: HTTPS" for these. Since our services are stateful, we also use "haproxy.com/cookie-persistence: route" or "nginx.ingress.kubernetes.io/affinity: cookie" to enable cookie based session stickyness. The problem is, this only works for services with TLS, not for plaintext services. Here the cookie is set, but requests are forwarded to all the running pods.

How can it be reproduced?

Deployment with replicas > 1; Ingress Controller with Linkerd Sidecars; Ingress with configured session affinity

linkerd check output

All linkerd checks passed

Environment

• Kubernetes Version: v1.17.6 and v1.18.6
• Cluster Environment: Rancher RKE created
• Host OS: CentOS 7
• Linkerd version: edge-20.6.4 and edge-20.9.1

Thanks in advance