GEP-1619 Session Persistence and Session Affinity #1643
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
|
|
|
Welcome @gcs278! |
k8s-ci-robot
added
the
cncf-cla: no
|
Hi @gcs278. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
site-src/geps/gep-1619.md
Outdated
|
|
||
| Some of the concerns of session persistence are the duration and expiration of the session, security of the transaction stream, and storage of the context or state. Application developers use session persistence to improve the performance and reduce overall storage needs by aligning each transaction and its cached data with the same server. | ||
|
|
||
| Session persistence is not to be confused with session affinity, which uses information below the application layer to maintain a client request to a single server. Session affinity can be considered a weaker form of session persistence: it is not guaranteed to persist a connection to the same backend server. |
There was a problem hiding this comment.
This seems to be saying the difference between Affinity and Persistence is L7 vs L4. Its not clear to me that is an important distinction
In my view, the primary difference between session types is whether the client directly specifies the backend they want OR if some attribute of the request is just used to consistently send to a backend.
- Type 1 example: A cookie with
Backend=1.2.3.4 - Type 2 example: Send to backend based on
backend[hash(SomeHeader) % BackendCount]
In Envoy terms, 1 is "stick sessions" and 2 is "consistent hash".
To me, that distinction seems more relevant than L7 vs L4. I would agree that "affinity" does tend to be L4 based on source IP, as you noted in your examples.
There was a problem hiding this comment.
Good point, I agree. I reworded Persistence and Affinity verbiage with focus on what information/attributes are being used to achieve the connection consistency, let me know what you think.
gcs278
force-pushed
the
gep-1619
branch
3 times, most recently
from
c4d0e4a to
b1bddb0
Compare
site-src/geps/gep-1619.md
Outdated
| | Acnodal EPIC | Envoy | Cookie-Based, Header-Based | Consistent Hashing via Maglev and Ring Hash | Envoy proxy implements both [cookie-based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto) and [header-based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) stateful sessions. Envoy offers [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash) load balancing algorithms that provide consistent hashing. | | ||
| | Apache APISIX | Nginx | ? | ? | ? | | ||
| | Cilium | eBPF | No | Source IP Address | Cilium does not have a true session persistence feature, but does implement [session affinity by default](https://docs.cilium.io/en/v1.12/gettingstarted/kubeproxy-free/#id2) using source IP address. | | ||
| | Contour | Envoy | Cookie-Based | Consistent Hashing via Maglev and Ring Hash | Envoy proxy implements both [cookie-based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto) and [header-based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) stateful sessions. Envoy offers [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash) load balancing algorithms that provide consistent hashing. | |
There was a problem hiding this comment.
Contour also supports using other request attributes other than cookies to route requests to a consistent backend: https://projectcontour.io/docs/v1.23.2/config/request-routing/#load-balancing-strategy (the RequestHash load balancing strategy)
There was a problem hiding this comment.
Thanks for the info - I added a note about this in the Contour row.
gcs278
force-pushed
the
gep-1619
branch
2 times, most recently
from
ce198f8 to
803d1b6
Compare
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
site-src/geps/gep-1619.md
Outdated
| - Identify differences in session persistence functionality between implementations | ||
|
|
||
| ## Non-Goals | ||
| - Create proposals for adding session persistence configuration to Gateway API object specification |
There was a problem hiding this comment.
Although this may be a non-goal for this particular "provisional" stage of the GEP, I think it would need to be a goal of the GEP as a whole. Or maybe I'm misunderstanding the purpose of writing this up.
There was a problem hiding this comment.
Agreed, it seems that this should be an eventual goal of this KEP, however it's reasonable for the first iteration to just be the "what and the why" without the how and still merge.
There was a problem hiding this comment.
| - Create proposals for adding session persistence configuration to Gateway API object specification |
There was a problem hiding this comment.
That's fair, I'll remove it to avoid confusion.
site-src/geps/gep-1619.md
Outdated
| ## Non-Goals | ||
| - Create proposals for adding session persistence configuration to Gateway API object specification | ||
| - Mandate a default or expected session persistence functionality for implementations | ||
| - Require implementations to support session persistence or a specific form of it |
There was a problem hiding this comment.
If there are values that are broadly implementable, we may want to consider this "core" conformance which would conflict with this non-goal. (I don't actually know that this is broadly implementable, but it may be safer to leave this non-goal out).
There was a problem hiding this comment.
We should definitely take an inventory, in time, of implementations ability to support this. But since we don't fully know what "this" is yet I don't think we need to worry too much about it. I would just advise dropping this for now, and we can suss out support levels in a follow-up PR:
| - Require implementations to support session persistence or a specific form of it |
There was a problem hiding this comment.
Got it, will drop this non-goal for now to defer this decision to later PRs.
site-src/geps/gep-1619.md
Outdated
| At the November 28th, 2022 SIG Gateway API meeting, we discussed the idea of standardizing and documenting session persistence (also known as session stickiness). It was recommended that we first generate discussion for how we describe session persistence, agree on how it is achieved, and find out which implementers support session persistence. | ||
|
|
||
| Conformance test for session persistence will be considered if deemed appropriate. Furthermore, this information can be used for developing a Gateway API spec to configure session persistence in the future. |
There was a problem hiding this comment.
Instead of providing a history, I think I'd just explain what session affinity means and why it should be configurable within Gateway API (assuming that's the goal). Edit: Looks like you've already done that well below, so maybe just leave this part out.
There was a problem hiding this comment.
So dropping these paragraphs? Sure, it doesn't really add much value to the GEP. Done.
There was a problem hiding this comment.
Overall I really like the approach of talking about the "what" and "why" first, rather than digging right into details.
I'm approving this GEP based on the fact that it is provisional, and I see no reason to block merging it in this provisional state as I expect we can iteratively update it afterwards. That said, I do have a few comments that I would like to see resolved before we merge please see what you think of them.
site-src/geps/gep-1619.md
Outdated
| - Identify differences in session persistence functionality between implementations | ||
|
|
||
| ## Non-Goals | ||
| - Create proposals for adding session persistence configuration to Gateway API object specification |
There was a problem hiding this comment.
Agreed, it seems that this should be an eventual goal of this KEP, however it's reasonable for the first iteration to just be the "what and the why" without the how and still merge.
site-src/geps/gep-1619.md
Outdated
| ## Non-Goals | ||
| - Create proposals for adding session persistence configuration to Gateway API object specification | ||
| - Mandate a default or expected session persistence functionality for implementations | ||
| - Require implementations to support session persistence or a specific form of it |
There was a problem hiding this comment.
We should definitely take an inventory, in time, of implementations ability to support this. But since we don't fully know what "this" is yet I don't think we need to worry too much about it. I would just advise dropping this for now, and we can suss out support levels in a follow-up PR:
| - Require implementations to support session persistence or a specific form of it |
site-src/geps/gep-1619.md
Outdated
|
|
||
| At the November 28th, 2022 SIG Gateway API meeting, we discussed the idea of standardizing and documenting session persistence (also known as session stickiness). It was recommended that we first generate discussion for how we describe session persistence, agree on how it is achieved, and find out which implementers support session persistence. | ||
|
|
||
| Conformance test for session persistence will be considered if deemed appropriate. Furthermore, this information can be used for developing a Gateway API spec to configure session persistence in the future. |
There was a problem hiding this comment.
Conformance test for session persistence will be considered if deemed appropriate.
I'm a little confused about this statement. We intend to provide conformance for all API specification in time, why would we not with session persistence?
There was a problem hiding this comment.
I've dropped this statement per rob's last comment. I originally was coming at this from the angle of just documenting session persistence and not adding an API field (yet). At that instance in time, with no API fields for session persistence, a conformance test would be to establish default functionality, i.e. an expectation of default session persistence. I should have worded it more like:
Conformance test for default session persistence functionality will be considered if deemed appropriate.
Though, I think this was confusing because I don't think there is precedent of Gateway API conformance testing something that is not a feature controllable by an API field. After more discussion, it sounded like we wanted the API fields established before doing a conformance test. Sounds like we should have conformance test for confirming an API field is functional, not necessarily for prescribing default functionality.
k8s-ci-robot
added
the
approved
site-src/geps/gep-1619.md
Outdated
| | Traefik | Traefik Proxy | Cookie-Based | No | Traefik implements [cookied-based](https://doc.traefik.io/traefik/routing/services/#sticky-sessions) stateful sessions. [Docs](https://traefik.io/glossary/what-are-sticky-sessions/) mention consistent hashing, but Traefik [only offers round robin](https://doc.traefik.io/traefik/routing/services/#load-balancing) (not consistent). | | ||
|
|
||
| ### Open Questions | ||
| - What are the needs and use cases from end users for specifying session persistence? |
There was a problem hiding this comment.
I would add a section on Java ( and tomcat/jetty/etc), which has standardised the API and behavior long ago, including more advanced features like session migration to a different host, activating session on demand.
Also missing is a section on privacy and maybe a small not on compliance - k8s gateway is used not only for service to service but may also be used for web server workloads with browsers as clients.
There was a problem hiding this comment.
An doc I wrote for Istio: https://docs.google.com/document/d/1s_eQCOukYlR8wMW0sHIi7hGyfGsTPV6Eyc-oFwvxsxQ/edit#heading=h.xw1gqgyqs5b
( the example uses K8S Gateway API only, only an istio-specific envoyfilter used)
There was a problem hiding this comment.
Did you mean a new section dedicated to talking about Java? Or table entries? I started a section, but will probably need your advice on expanding on the content.
Thanks for the doc, it's very thorough. I'll leverage that.
For privacy, I think I addressed that in the new Security and Privacy Implications section. For compliance, could you expand? What compliance requirements are we referring to? Are you saying we should create requirements in this GEP?
site-src/geps/gep-1619.md
Outdated
| | Google Kubernetes Engine | ? | ? | ? | ? | | ||
| | HAProxy Ingress | HAProxy | Cookie-Based | Stick Tables | HAProxy implements cookie-based stateful sessions via the [forwardfor option](https://docs.haproxy.org/2.6/configuration.html#4-option%20forwardfor). [Stick tables](https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4-stick-table) implement stickiness via client attributes. | | ||
| | HashiCorp Consul | Envoy | Cookie-Based, Header-Based | Consistent Hashing via Maglev and Ring Hash | ? | | ||
| | Istio | Envoy | Cookie-Based, Header-Based | Consistent Hashing via Maglev and Ring Hash | Envoy proxy implements both [cookie-based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto) and [header-based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) stateful sessions.Envoy offers [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash) load balancing algorithms that provide consistent hashing. | |
There was a problem hiding this comment.
I would note that envoy current implementation is not suitable for use in gateways - session/header value is plain text ip/port of backend ( base64 for some weird reasons). Inside a mesh - GAMMA - backend IP is exposed and any pod can directly hit any backend (unless blocked by a policy), but on the internet I have not seen any provider allowing clients to connect to specific internal IPs.
site-src/geps/gep-1619.md
Outdated
| | **Implementation** | **Proxy Type** | **Session Persistence** | **Session Affinity** | **Notes** | | ||
| | --- | --- | --- | --- | --- | | ||
| | Acnodal EPIC | Envoy | Cookie-Based, Header-Based | Consistent Hashing via Maglev and Ring Hash | Envoy proxy implements both [cookie-based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto) and [header-based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) stateful sessions. Envoy offers [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash) load balancing algorithms that provide consistent hashing. | | ||
| | Apache APISIX | Nginx | ? | ? | ? | |
There was a problem hiding this comment.
I would add Apache httpd - supports Java standard sessions ( or did - mod_jk ) for multiple java implementations. Back in the days other long-dead load balancers had
java support as well ( IIS, Netscape, etc ) - and I would guess any enterprise using Java servlets in last 20 years had a load balancer with session support.
Nginx has some support for at least tomcat sessions in a pretty convoluted way: https://docs.nginx.com/nginx/deployment-guides/load-balance-third-party/apache-tomcat/
There was a problem hiding this comment.
( not sure mod_jk is still alive and what replaced it - I implemented the persistent sessions in ~2000 )
There was a problem hiding this comment.
Thanks, the nginx docs were very helpful. Looks like you have to pay for full session persistence.
Added Apache httpd to the list.
site-src/geps/gep-1619.md
Outdated
|
|
||
| Session persistence is when a client request is directed to the same backend server for the duration of a "session". It is achieved when a client directly provides information, such as a header, that a proxy uses as a reference to direct traffic to a specific server. Persistence is an exception to load balancing: a persistent client request bypasses the proxy's load balancing algorithm, going directly to a backend server it has previously established a session with. | ||
|
|
||
| Some of the concerns of session persistence are the duration and expiration of the session, security of the transaction stream, and storage of the context or state. Application developers use session persistence to improve the performance and reduce overall storage needs by aligning each transaction and its cached data with the same server. |
There was a problem hiding this comment.
Privacy too. The information used for establishing the session on the internet ( the main use of the gateway ), in particular in browser context is very sensitive, used for tracking and may include user-specific info.
There was a problem hiding this comment.
I would also expand on the 'security' - maybe in separate section. Many systems use session persistence as part of authentication - holding user info in a 'server side session' and using the session cookie as a bearer token ( Java but not only)
There was a problem hiding this comment.
Sure, I added a ### Security and Privacy Implications section. Let me know if this addresses this.
site-src/geps/gep-1619.md
Outdated
|
|
||
| **Header-Based Session Persistence** | ||
|
|
||
| Header-based stateful sessions are achieved by a backend providing an arbitrarily-named HTTP response header and the client using the same arbitrarily-named header in subsequent HTTP requests. Proxies can use this arbitrarily-named header to maintain a persistent connection to a single backend server on behalf of the client. |
There was a problem hiding this comment.
I'm not sure 'arbitrarily named' is right. We may support custom names, but I think Java made the right choice to define a 'default' name ( while allowing implementations to customize using their own settings).
I would also use plural - for example in envoy-based persistence it is critical to use a second header to guarantee the same cluster ( aka Service/subset ) is used.
I'm also not sure outside of envoy how many Internet proxies use header based persistence - would be nice having a survey.
Using request parameter ( jsessionid=xxx in java ) is common, using the auth info is even more common. Until envoy - I haven't seen arbitrary header-based persistence.
There was a problem hiding this comment.
Okay, I see. I wrote this using Envoy as my "source", but that's a good point. I made it more generic by removing "arbitrarily named"
site-src/geps/gep-1619.md
Outdated
| | Google Kubernetes Engine | ? | ? | ? | ? | | ||
| | HAProxy Ingress | HAProxy | Cookie-Based | Stick Tables | HAProxy implements cookie-based stateful sessions via the [forwardfor option](https://docs.haproxy.org/2.6/configuration.html#4-option%20forwardfor). [Stick tables](https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4-stick-table) implement session affinity via client attributes. | | ||
| | HashiCorp Consul | Envoy | [Cookie-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto), [Header-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) | Consistent Hashing via [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash)| N/A | | ||
| | Istio | Envoy | [Cookie-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto), [Header-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) | Consistent Hashing via [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash)| N/A | |
There was a problem hiding this comment.
https://github.com/istio/istio/blob/master/pilot/pkg/features/pilot.go#L123
Current implementation is based on a Service label - since sessions are associated with a Service ( can't have sessions cross service due to current envoy impl ).
There was a problem hiding this comment.
Okay added a note, let me know if that makes sense or not.
|
Thanks for the update @gcs278 we appreciate that. We'll mark this one in draft for the moment to indicate that active review is not ready just yet, flip the switch when you're ready. |
k8s-ci-robot
added
the
do-not-merge/work-in-progress
k8s-ci-robot
added
size/L
site-src/geps/gep-1619.md
Outdated
| - Identify differences in session persistence functionality between implementations | ||
|
|
||
| ## Non-Goals | ||
| - Create proposals for adding session persistence configuration to Gateway API object specification |
There was a problem hiding this comment.
That's fair, I'll remove it to avoid confusion.
site-src/geps/gep-1619.md
Outdated
| ## Non-Goals | ||
| - Create proposals for adding session persistence configuration to Gateway API object specification | ||
| - Mandate a default or expected session persistence functionality for implementations | ||
| - Require implementations to support session persistence or a specific form of it |
There was a problem hiding this comment.
Got it, will drop this non-goal for now to defer this decision to later PRs.
site-src/geps/gep-1619.md
Outdated
| At the November 28th, 2022 SIG Gateway API meeting, we discussed the idea of standardizing and documenting session persistence (also known as session stickiness). It was recommended that we first generate discussion for how we describe session persistence, agree on how it is achieved, and find out which implementers support session persistence. | ||
|
|
||
| Conformance test for session persistence will be considered if deemed appropriate. Furthermore, this information can be used for developing a Gateway API spec to configure session persistence in the future. |
There was a problem hiding this comment.
So dropping these paragraphs? Sure, it doesn't really add much value to the GEP. Done.
site-src/geps/gep-1619.md
Outdated
|
|
||
| At the November 28th, 2022 SIG Gateway API meeting, we discussed the idea of standardizing and documenting session persistence (also known as session stickiness). It was recommended that we first generate discussion for how we describe session persistence, agree on how it is achieved, and find out which implementers support session persistence. | ||
|
|
||
| Conformance test for session persistence will be considered if deemed appropriate. Furthermore, this information can be used for developing a Gateway API spec to configure session persistence in the future. |
There was a problem hiding this comment.
I've dropped this statement per rob's last comment. I originally was coming at this from the angle of just documenting session persistence and not adding an API field (yet). At that instance in time, with no API fields for session persistence, a conformance test would be to establish default functionality, i.e. an expectation of default session persistence. I should have worded it more like:
Conformance test for default session persistence functionality will be considered if deemed appropriate.
Though, I think this was confusing because I don't think there is precedent of Gateway API conformance testing something that is not a feature controllable by an API field. After more discussion, it sounded like we wanted the API fields established before doing a conformance test. Sounds like we should have conformance test for confirming an API field is functional, not necessarily for prescribing default functionality.
site-src/geps/gep-1619.md
Outdated
| | Envoy Gateway | Envoy | [Cookie-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto), [Header-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) | Consistent Hashing via [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash)| N/A | | ||
| | Flomesh Service Mesh | Pipy | ? | ? | ? | | ||
| | Gloo Edge 2.0 | Envoy | [Cookie-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto), [Header-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) | Consistent Hashing via [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash)| N/A | | ||
| | Google Kubernetes Engine | ? | ? | ? | ? | |
There was a problem hiding this comment.
Nice thanks. Added. Another naming collision though - Google calls what we call session persistence (with cookies) session affinity. Seems like there isn't a common language between implementation, I worry about this a little. I added a section on naming in alternatives.
site-src/geps/gep-1619.md
Outdated
| | Google Kubernetes Engine | ? | ? | ? | ? | | ||
| | HAProxy Ingress | HAProxy | Cookie-Based | Stick Tables | HAProxy implements cookie-based stateful sessions via the [forwardfor option](https://docs.haproxy.org/2.6/configuration.html#4-option%20forwardfor). [Stick tables](https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4-stick-table) implement session affinity via client attributes. | | ||
| | HashiCorp Consul | Envoy | [Cookie-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto), [Header-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) | Consistent Hashing via [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash)| N/A | | ||
| | Istio | Envoy | [Cookie-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto), [Header-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) | Consistent Hashing via [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash)| N/A | |
There was a problem hiding this comment.
Okay added a note, let me know if that makes sense or not.
site-src/geps/gep-1619.md
Outdated
| | Kong | Kong | Cookie-Based | ? | Kong has the [session plugin](https://docs.konghq.com/hub/kong-inc/session/) which manages persistent sessions with cookie-based stateful sessions. | | ||
| | Kuma | Envoy | [Cookie-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/cookie/v3/cookie.proto), [Header-Based](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/stateful_session/header/v3/header.proto) | Consistent Hashing via [Maglev](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev) and [Ring Hash](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash)| N/A | | ||
| | LiteSpeed Ingress Controller | ? | ? | ? | ? | | ||
| | NGINX Kubernetes Gateway | Nginx | ? | ? | ? | |
There was a problem hiding this comment.
Done, tweaked a little bit. Let me know if it looks okay.
site-src/geps/gep-1619.md
Outdated
| | Traefik | Traefik Proxy | Cookie-Based | No | Traefik implements [cookied-based](https://doc.traefik.io/traefik/routing/services/#sticky-sessions) stateful sessions. [Docs](https://traefik.io/glossary/what-are-sticky-sessions/) mention consistent hashing, but Traefik [only offers round robin](https://doc.traefik.io/traefik/routing/services/#load-balancing) (not consistent). | | ||
|
|
||
| ### Open Questions | ||
| - What are the needs and use cases from end users for specifying session persistence? |
There was a problem hiding this comment.
Did you mean a new section dedicated to talking about Java? Or table entries? I started a section, but will probably need your advice on expanding on the content.
Thanks for the doc, it's very thorough. I'll leverage that.
For privacy, I think I addressed that in the new Security and Privacy Implications section. For compliance, could you expand? What compliance requirements are we referring to? Are you saying we should create requirements in this GEP?
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
@shaneutt Thanks - marked back as ready for review, posted responses, and updates to the GEP. |
There was a problem hiding this comment.
I think this is a great starting point, albeit we are already starting to get quite big for a first provisional GEP. So my suggestion is to wrap up any unresolved comments or thoughts into a TODO list (similar to https://gateway-api.sigs.k8s.io/geps/gep-1709/#todo) to mark them as things that can be picked up for follow-up PRs and that we want to resolve before implementable. Once that's done I think we're in a fine place to merge this as Provisional and start thinking about the next iterative steps.
|
I've created a |
There was a problem hiding this comment.
With the TODO list in place for things we need to resolve before implementable, the time this has been up for review, the fact that it's provisional, and that nobody has any blocking comments it seems like now is a good time to get this first pass landed and we can build off from here.
Thanks @gcs278!
/lgtm
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gcs278, shaneutt, sunjayBhatia The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
shaneutt
added
ok-to-test
|
/test all |
What type of PR is this?
/kind gep
What this PR does / why we need it:
Add a GEP for session persistence that establishes the foundation for describing it and establishing a common language.
Which issue(s) this PR fixes:
Doesn't fix, but supports #1619
Does this PR introduce a user-facing change?:
N/A
Markdown Preview: https://github.com/gcs278/gateway-api/blob/gep-1619/site-src/geps/gep-1619.md