Configure Traefik Sticky Session in Kubernetes


As wrote earlier, I have a Jira Data Center cluster running on Kubernetes. The cluster has three nodes, and traefik is the ingress controller.

Sometimes when I create a new issue or open a setting, I got the following errors:

The root cause of this is that the request goes to a Jira node with which my browser has an expired session. As by default the service does round robin, the three Jira nodes just take turn to serve the new requests.

The fix is to use sticky session instead of round robin, so the same node serves the subsequent requests from the same session. Here are the annotations I added to my Jira service to use sticky session.

  annotations:
    traefik.ingress.kubernetes.io/affinity: "true"
    traefik.ingress.kubernetes.io/session-cookie-name: "sticky"

The full Jira service config file:

Check the session cookies, now I can see it is sticky to one of the Jira node now ( 10.32.0.6)

Run a quick curl test to double check:

$ curl -c cookie-jar -I -s http://jira-sandbox.mydomain.com:32631/status

HTTP/1.1 200 OK
Content-Length: 19
Content-Security-Policy: frame-ancestors 'self'
Content-Type: application/json;charset=UTF-8
Date: Wed, 06 Nov 2019 00:33:48 GMT
Set-Cookie: sticky=http://10.32.0.8:8080; Path=/
Set-Cookie: atlassian.xsrf.token=BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout; Path=/
Set-Cookie: JSESSIONID=BCC4EE1C6034A4C5D82A72E003EF52C3; Path=/; HttpOnly
X-Anodeid: jira-3
X-Arequestid: 33x14439x1
X-Asen: SEN-L14457132
X-Asessionid: 1m9h2ki
X-Ausername: anonymous
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

$ for i in $(seq 10); do echo "curl -b cookie-jar -I -s http://jira-sandbox.mydomain.com:32631/status | grep -i node" | bash - && grep -i token cookie-jar; done

X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout
X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout
X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout
X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout
X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout
X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout
X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout
X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout
X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout
X-Anodeid: jira-3
jira-sandbox.mydomain.com	FALSE	/	FALSE	0	atlassian.xsrf.token	BV44-TO2E-83JE-X3FL_80e09ce8c80aed4d65312980e779e88742cb2f5b_lout

And it fixed the above error:

Reference:
https://docs.traefik.io/v1.7/configuration/backends/kubernetes/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s