stackoom
  简体   繁体   中英

OpenShift service with sessionAffinity forwards traffic to two pods

 原文  2020-07-29 08:41:46       kubernetes/ openshift/ session-affinity

Question

OpenShift Container Platform 3.11

Assume a setup with one client pod and three equal server pods in the same namespace. The server pods are available via a service:

  apiVersion: v1
  kind: Service
  metadata:
    name: server
  spec:
    ports:
    - name: "8200"
      port: 8200
      targetPort: 8200
    selector:
      test.service: server
    sessionAffinity: ClientIP
    sessionAffinityConfig:
      clientIP:
        timeoutSeconds: 10800 # default

设置客户端和服务器 pod

The sessionAffinity: ClientIP states that as long as the client has the same IP its requests are forwarded to the same server pod (except when the timeoutSeconds are reached). This setup worked as expected for months, until suddenly the requests were distributed between two server pods. Restarting the client pod temporarily solved the problem and the requests were forwarded to one server pod only for some time. However, after a few days, the same problem occurred again.

My question: Is there anything regarding OpenShift services and sessionAffinity: ClientIP that explaines why requests from the same client with an unchanged IP might be "suddenly" distributed between two server pods?

Some additional context:

The client pod receives a session token (not a cookie) when it connects to a server pod. The session token is cached inside the server pod, but is not shared between server pods. Therefore, when the client connects to a different server, it would receive a permission denied for the session token. The client then requests a new session token. If the client's requests are forwarded to the same server pod and only sometimes the server changes (eg because the first server crashed) the above setup works fine. However, if the client's requests are distributed between two or more servers, the session token will be invalid with every second or third request.

1 answers

solution1
 0  2021-05-14 11:44:59

Looking at the Kubernetes proxysocket source, we assume that a long connection time (above 250 ms) triggers the selection of a new endpoint.

Instead of distributing client connections between the servers via an OpenShift service, we now use an additional nginx pod between client and servers.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Synchronising all the pods of a service in openshift Openshift Route is not load balancing from Service pods How openshift service loadbalance between pods? Openshift origin pods cannot access other pods via service name Why sessionAffinity doesn't work on a headless service Minikube Kubernetes: two pods and service Are 2 OpenShift pods replicas deployed on two different nodes (when #nodes > 2)? How to list names of all pods serving traffic behind a service in kubernetes Openshift - Pod associated with a service shows “x” against Receiving Traffic Option How to evict cache in multiple pods? I have two Openshift pods and I want to send a HTTP request for evict cache in both pods
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM