Kubernetes nginx ingress 0.22 not respecting cookie affinity annotation?Kubernetes Nginx Ingress Controller expose Nginx WebserverKubernetes nginx Ingress configuration not working for GrafanaNginx ingress controller modsecurityKubernetes ingress nginx not matching sub pathsK8s Helm - Jenkins with Nginx IngressNGINX Ingress controller not updating affinity cookiekubernetes not creating the ELB for ingress-nginx controllerKubernetes Nginx Ingress not finding service endpointHow can I correctly setup custom headers with nginx ingress?Using Session Affinity (Cookies) with SSL Passthrough on NGINX-Ingress
What is the word for reserving something for yourself before others do?
Python: return float 1.0 as int 1 but float 1.5 as float 1.5
Can I use a neutral wire from another outlet to repair a broken neutral?
How can saying a song's name be a copyright violation?
How do conventional missiles fly?
Does casting Light, or a similar spell, have any effect when the caster is swallowed by a monster?
What is going on with Captain Marvel's blood colour?
Why does Arabsat 6A need a Falcon Heavy to launch
prove that the matrix A is diagonalizable
UK: Is there precedent for the governments e-petition site changing the direction of a government decision?
Can one be a co-translator of a book, if he does not know the language that the book is translated into?
Why is the 'in' operator throwing an error with a string literal instead of logging false?
Why can't we play rap on piano?
Western buddy movie with a supernatural twist where a woman turns into an eagle at the end
Can I ask the recruiters in my resume to put the reason why I am rejected?
I'm flying to France today and my passport expires in less than 2 months
How much of data wrangling is a data scientist's job?
Has there ever been an airliner design involving reducing generator load by installing solar panels?
How do I write bicross product symbols in latex?
Infinite Abelian subgroup of infinite non Abelian group example
Took a trip to a parallel universe, need help deciphering
Why "Having chlorophyll without photosynthesis is actually very dangerous" and "like living with a bomb"?
What is the intuition behind short exact sequences of groups; in particular, what is the intuition behind group extensions?
Etiquette around loan refinance - decision is going to cost first broker a lot of money
Kubernetes nginx ingress 0.22 not respecting cookie affinity annotation?
Kubernetes Nginx Ingress Controller expose Nginx WebserverKubernetes nginx Ingress configuration not working for GrafanaNginx ingress controller modsecurityKubernetes ingress nginx not matching sub pathsK8s Helm - Jenkins with Nginx IngressNGINX Ingress controller not updating affinity cookiekubernetes not creating the ELB for ingress-nginx controllerKubernetes Nginx Ingress not finding service endpointHow can I correctly setup custom headers with nginx ingress?Using Session Affinity (Cookies) with SSL Passthrough on NGINX-Ingress
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
We recently upgraded to nginx-ingress 0.22. Before this upgrade, my service was using the old namespace ingress.kubernetes.io/affinity: cookie and everything was working as I expected. However, upon the upgrade to 0.22, affinity stopped being applied to my service (I don't see sticky anywhere in the nginx.conf).
I looked at the docs and changed the namespace to nginx.ingress.kubernetes.io as shown in this example, but it didn't help.
Is there some debug log I can look at that will show the configuration parsing/building process? My guess is that some other setting is preventing this from working (I can't imagine the k8s team shipped a release with this feature completely broken), but I'm not sure what that could be.
My ingress config as shown by the k8s dashboard follows:
"kind": "Ingress",
"apiVersion": "extensions/v1beta1",
"metadata":
"name": "example-ingress",
"namespace": "master",
"selfLink": "/apis/extensions/v1beta1/namespaces/master/ingresses/example-ingress",
"uid": "01e81627-3b90-11e9-bb5a-f6bc944a4132",
"resourceVersion": "23345275",
"generation": 1,
"creationTimestamp": "2019-02-28T19:35:30Z",
"labels":
,
"annotations":
"ingress.kubernetes.io/backend-protocol": "HTTPS",
"ingress.kubernetes.io/limit-rps": "100",
"ingress.kubernetes.io/proxy-body-size": "100m",
"ingress.kubernetes.io/proxy-read-timeout": "60",
"ingress.kubernetes.io/proxy-send-timeout": "60",
"ingress.kubernetes.io/secure-backends": "true",
"ingress.kubernetes.io/secure-verify-ca-secret": "example-ingress-ssl",
"kubernetes.io/ingress.class": "nginx",
"nginx.ingress.kubernetes.io/affinity": "cookie",
"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
"nginx.ingress.kubernetes.io/limit-rps": "100",
"nginx.ingress.kubernetes.io/proxy-body-size": "100m",
"nginx.ingress.kubernetes.io/proxy-buffer-size": "8k",
"nginx.ingress.kubernetes.io/proxy-read-timeout": "60",
"nginx.ingress.kubernetes.io/proxy-send-timeout": "60",
"nginx.ingress.kubernetes.io/secure-verify-ca-secret": "example-ingress-ssl",
"nginx.ingress.kubernetes.io/session-cookie-expires": "172800",
"nginx.ingress.kubernetes.io/session-cookie-max-age": "172800",
"nginx.ingress.kubernetes.io/session-cookie-name": "route",
"nginx.org/websocket-services": "example"
,
"spec":
"tls": [
"hosts": [
"*.example.net"
],
"secretName": "example-ingress-ssl"
],
"rules": [
"host": "*.example.net",
"http":
"paths": [
"path": "/",
"backend":
"serviceName": "example",
"servicePort": 443
]
]
,
"status":
"loadBalancer":
"ingress": [
]
}
kubernetes kubernetes-ingress nginx-ingress edited Mar 9 at 14:57
webwurst
3,45921828
asked Mar 7 at 23:54
anisopteraanisoptera
901616
add a comment |
We recently upgraded to nginx-ingress 0.22. Before this upgrade, my service was using the old namespace ingress.kubernetes.io/affinity: cookie and everything was working as I expected. However, upon the upgrade to 0.22, affinity stopped being applied to my service (I don't see sticky anywhere in the nginx.conf).
I looked at the docs and changed the namespace to nginx.ingress.kubernetes.io as shown in this example, but it didn't help.
Is there some debug log I can look at that will show the configuration parsing/building process? My guess is that some other setting is preventing this from working (I can't imagine the k8s team shipped a release with this feature completely broken), but I'm not sure what that could be.
My ingress config as shown by the k8s dashboard follows:
"kind": "Ingress",
"apiVersion": "extensions/v1beta1",
"metadata":
"name": "example-ingress",
"namespace": "master",
"selfLink": "/apis/extensions/v1beta1/namespaces/master/ingresses/example-ingress",
"uid": "01e81627-3b90-11e9-bb5a-f6bc944a4132",
"resourceVersion": "23345275",
"generation": 1,
"creationTimestamp": "2019-02-28T19:35:30Z",
"labels":
,
"annotations":
"ingress.kubernetes.io/backend-protocol": "HTTPS",
"ingress.kubernetes.io/limit-rps": "100",
"ingress.kubernetes.io/proxy-body-size": "100m",
"ingress.kubernetes.io/proxy-read-timeout": "60",
"ingress.kubernetes.io/proxy-send-timeout": "60",
"ingress.kubernetes.io/secure-backends": "true",
"ingress.kubernetes.io/secure-verify-ca-secret": "example-ingress-ssl",
"kubernetes.io/ingress.class": "nginx",
"nginx.ingress.kubernetes.io/affinity": "cookie",
"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
"nginx.ingress.kubernetes.io/limit-rps": "100",
"nginx.ingress.kubernetes.io/proxy-body-size": "100m",
"nginx.ingress.kubernetes.io/proxy-buffer-size": "8k",
"nginx.ingress.kubernetes.io/proxy-read-timeout": "60",
"nginx.ingress.kubernetes.io/proxy-send-timeout": "60",
"nginx.ingress.kubernetes.io/secure-verify-ca-secret": "example-ingress-ssl",
"nginx.ingress.kubernetes.io/session-cookie-expires": "172800",
"nginx.ingress.kubernetes.io/session-cookie-max-age": "172800",
"nginx.ingress.kubernetes.io/session-cookie-name": "route",
"nginx.org/websocket-services": "example"
,
"spec":
"tls": [
"hosts": [
"*.example.net"
],
"secretName": "example-ingress-ssl"
],
"rules": [
"host": "*.example.net",
"http":
"paths": [
"path": "/",
"backend":
"serviceName": "example",
"servicePort": 443
]
]
,
"status":
"loadBalancer":
"ingress": [
]
}
edited Mar 9 at 14:57
webwurst
3,45921828
asked Mar 7 at 23:54
anisopteraanisoptera
901616
add a comment |
We recently upgraded to nginx-ingress 0.22. Before this upgrade, my service was using the old namespace ingress.kubernetes.io/affinity: cookie and everything was working as I expected. However, upon the upgrade to 0.22, affinity stopped being applied to my service (I don't see sticky anywhere in the nginx.conf).
I looked at the docs and changed the namespace to nginx.ingress.kubernetes.io as shown in this example, but it didn't help.
Is there some debug log I can look at that will show the configuration parsing/building process? My guess is that some other setting is preventing this from working (I can't imagine the k8s team shipped a release with this feature completely broken), but I'm not sure what that could be.
My ingress config as shown by the k8s dashboard follows:
"kind": "Ingress",
"apiVersion": "extensions/v1beta1",
"metadata":
"name": "example-ingress",
"namespace": "master",
"selfLink": "/apis/extensions/v1beta1/namespaces/master/ingresses/example-ingress",
"uid": "01e81627-3b90-11e9-bb5a-f6bc944a4132",
"resourceVersion": "23345275",
"generation": 1,
"creationTimestamp": "2019-02-28T19:35:30Z",
"labels":
,
"annotations":
"ingress.kubernetes.io/backend-protocol": "HTTPS",
"ingress.kubernetes.io/limit-rps": "100",
"ingress.kubernetes.io/proxy-body-size": "100m",
"ingress.kubernetes.io/proxy-read-timeout": "60",
"ingress.kubernetes.io/proxy-send-timeout": "60",
"ingress.kubernetes.io/secure-backends": "true",
"ingress.kubernetes.io/secure-verify-ca-secret": "example-ingress-ssl",
"kubernetes.io/ingress.class": "nginx",
"nginx.ingress.kubernetes.io/affinity": "cookie",
"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
"nginx.ingress.kubernetes.io/limit-rps": "100",
"nginx.ingress.kubernetes.io/proxy-body-size": "100m",
"nginx.ingress.kubernetes.io/proxy-buffer-size": "8k",
"nginx.ingress.kubernetes.io/proxy-read-timeout": "60",
"nginx.ingress.kubernetes.io/proxy-send-timeout": "60",
"nginx.ingress.kubernetes.io/secure-verify-ca-secret": "example-ingress-ssl",
"nginx.ingress.kubernetes.io/session-cookie-expires": "172800",
"nginx.ingress.kubernetes.io/session-cookie-max-age": "172800",
"nginx.ingress.kubernetes.io/session-cookie-name": "route",
"nginx.org/websocket-services": "example"
,
"spec":
"tls": [
"hosts": [
"*.example.net"
],
"secretName": "example-ingress-ssl"
],
"rules": [
"host": "*.example.net",
"http":
"paths": [
"path": "/",
"backend":
"serviceName": "example",
"servicePort": 443
]
]
,
"status":
"loadBalancer":
"ingress": [
]
}
edited Mar 9 at 14:57
webwurst
3,45921828
asked Mar 7 at 23:54
anisopteraanisoptera
901616
We recently upgraded to nginx-ingress 0.22. Before this upgrade, my service was using the old namespace ingress.kubernetes.io/affinity: cookie and everything was working as I expected. However, upon the upgrade to 0.22, affinity stopped being applied to my service (I don't see sticky anywhere in the nginx.conf).
I looked at the docs and changed the namespace to nginx.ingress.kubernetes.io as shown in this example, but it didn't help.
Is there some debug log I can look at that will show the configuration parsing/building process? My guess is that some other setting is preventing this from working (I can't imagine the k8s team shipped a release with this feature completely broken), but I'm not sure what that could be.
My ingress config as shown by the k8s dashboard follows:
"kind": "Ingress",
"apiVersion": "extensions/v1beta1",
"metadata":
"name": "example-ingress",
"namespace": "master",
"selfLink": "/apis/extensions/v1beta1/namespaces/master/ingresses/example-ingress",
"uid": "01e81627-3b90-11e9-bb5a-f6bc944a4132",
"resourceVersion": "23345275",
"generation": 1,
"creationTimestamp": "2019-02-28T19:35:30Z",
"labels":
,
"annotations":
"ingress.kubernetes.io/backend-protocol": "HTTPS",
"ingress.kubernetes.io/limit-rps": "100",
"ingress.kubernetes.io/proxy-body-size": "100m",
"ingress.kubernetes.io/proxy-read-timeout": "60",
"ingress.kubernetes.io/proxy-send-timeout": "60",
"ingress.kubernetes.io/secure-backends": "true",
"ingress.kubernetes.io/secure-verify-ca-secret": "example-ingress-ssl",
"kubernetes.io/ingress.class": "nginx",
"nginx.ingress.kubernetes.io/affinity": "cookie",
"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
"nginx.ingress.kubernetes.io/limit-rps": "100",
"nginx.ingress.kubernetes.io/proxy-body-size": "100m",
"nginx.ingress.kubernetes.io/proxy-buffer-size": "8k",
"nginx.ingress.kubernetes.io/proxy-read-timeout": "60",
"nginx.ingress.kubernetes.io/proxy-send-timeout": "60",
"nginx.ingress.kubernetes.io/secure-verify-ca-secret": "example-ingress-ssl",
"nginx.ingress.kubernetes.io/session-cookie-expires": "172800",
"nginx.ingress.kubernetes.io/session-cookie-max-age": "172800",
"nginx.ingress.kubernetes.io/session-cookie-name": "route",
"nginx.org/websocket-services": "example"
,
"spec":
"tls": [
"hosts": [
"*.example.net"
],
"secretName": "example-ingress-ssl"
],
"rules": [
"host": "*.example.net",
"http":
"paths": [
"path": "/",
"backend":
"serviceName": "example",
"servicePort": 443
]
]
,
"status":
"loadBalancer":
"ingress": [
]
}
edited Mar 9 at 14:57
webwurst
3,45921828
asked Mar 7 at 23:54
anisopteraanisoptera
901616
edited Mar 9 at 14:57
webwurst
3,45921828
asked Mar 7 at 23:54
anisopteraanisoptera
901616
edited Mar 9 at 14:57
webwurst
3,45921828
edited Mar 9 at 14:57
webwurst
3,45921828
edited Mar 9 at 14:57
webwurst
3,45921828
3,45921828
asked Mar 7 at 23:54
anisopteraanisoptera
901616
asked Mar 7 at 23:54
anisopteraanisoptera
901616
asked Mar 7 at 23:54
anisopteraanisoptera
901616
901616
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
As I tested Sticky session affinity with Nginx Ingress version 0.22, I can assure that it works just fine. Then when I was looking for your configuration, I replaced wildcard host host: "*.example.net" with i.e host: "stickyingress.example.net" just to ignore wildcard, and it worked fine again.
So after some search I found out that from this issue
Wildcard hostnames are not supported by the Ingress spec (only SSL
wildcard certificates are)
Even this issue was opened for NGINX Ingress controller version:
0.21.0
answered Mar 11 at 15:28
coolinuxoidcoolinuxoid
5699
Ah, thanks for this find. Extremely unfortunate though. Guess I'm going to have to do the "deploy a separate ingress instance" solution mentioned in that issue...
– anisoptera
Mar 11 at 19:55
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55054681%2fkubernetes-nginx-ingress-0-22-not-respecting-cookie-affinity-annotation%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
As I tested Sticky session affinity with Nginx Ingress version 0.22, I can assure that it works just fine. Then when I was looking for your configuration, I replaced wildcard host host: "*.example.net" with i.e host: "stickyingress.example.net" just to ignore wildcard, and it worked fine again.
So after some search I found out that from this issue
Wildcard hostnames are not supported by the Ingress spec (only SSL
wildcard certificates are)
Even this issue was opened for NGINX Ingress controller version:
0.21.0
answered Mar 11 at 15:28
coolinuxoidcoolinuxoid
5699
Ah, thanks for this find. Extremely unfortunate though. Guess I'm going to have to do the "deploy a separate ingress instance" solution mentioned in that issue...
– anisoptera
Mar 11 at 19:55
add a comment |
As I tested Sticky session affinity with Nginx Ingress version 0.22, I can assure that it works just fine. Then when I was looking for your configuration, I replaced wildcard host host: "*.example.net" with i.e host: "stickyingress.example.net" just to ignore wildcard, and it worked fine again.
So after some search I found out that from this issue
Wildcard hostnames are not supported by the Ingress spec (only SSL
wildcard certificates are)
Even this issue was opened for NGINX Ingress controller version:
0.21.0
answered Mar 11 at 15:28
coolinuxoidcoolinuxoid
5699
Ah, thanks for this find. Extremely unfortunate though. Guess I'm going to have to do the "deploy a separate ingress instance" solution mentioned in that issue...
– anisoptera
Mar 11 at 19:55
add a comment |
As I tested Sticky session affinity with Nginx Ingress version 0.22, I can assure that it works just fine. Then when I was looking for your configuration, I replaced wildcard host host: "*.example.net" with i.e host: "stickyingress.example.net" just to ignore wildcard, and it worked fine again.
So after some search I found out that from this issue
Wildcard hostnames are not supported by the Ingress spec (only SSL
wildcard certificates are)
Even this issue was opened for NGINX Ingress controller version:
0.21.0
answered Mar 11 at 15:28
coolinuxoidcoolinuxoid
5699
As I tested Sticky session affinity with Nginx Ingress version 0.22, I can assure that it works just fine. Then when I was looking for your configuration, I replaced wildcard host host: "*.example.net" with i.e host: "stickyingress.example.net" just to ignore wildcard, and it worked fine again.
So after some search I found out that from this issue
Wildcard hostnames are not supported by the Ingress spec (only SSL
wildcard certificates are)
Even this issue was opened for NGINX Ingress controller version:
0.21.0
answered Mar 11 at 15:28
coolinuxoidcoolinuxoid
5699
answered Mar 11 at 15:28
coolinuxoidcoolinuxoid
5699
answered Mar 11 at 15:28
coolinuxoidcoolinuxoid
5699
answered Mar 11 at 15:28
coolinuxoidcoolinuxoid
5699
5699
Ah, thanks for this find. Extremely unfortunate though. Guess I'm going to have to do the "deploy a separate ingress instance" solution mentioned in that issue...
– anisoptera
Mar 11 at 19:55
add a comment |
Ah, thanks for this find. Extremely unfortunate though. Guess I'm going to have to do the "deploy a separate ingress instance" solution mentioned in that issue...
– anisoptera
Mar 11 at 19:55
Ah, thanks for this find. Extremely unfortunate though. Guess I'm going to have to do the "deploy a separate ingress instance" solution mentioned in that issue...
– anisoptera
Mar 11 at 19:55
Ah, thanks for this find. Extremely unfortunate though. Guess I'm going to have to do the "deploy a separate ingress instance" solution mentioned in that issue...
– anisoptera
Mar 11 at 19:55
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55054681%2fkubernetes-nginx-ingress-0-22-not-respecting-cookie-affinity-annotation%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
