-
Feature Request
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
Engineering
-
-
The configuration generated by the OpenShift router for HAProxy is not sufficiently configurable to efficiently load balance requests to a distributed application deployed as a cluster of EAP pods.
Currently, when configured with a router.openshift.io/cookie_name="INGRESSCOOKIE", the OpenShift router creates HAProxy configuration containing the following:
cookie INGRESSCOOKIE insert indirect nocache httponly
However, the use of "insert indirect" is not ideal for distributed applications on EAP.
For most efficient routing, EAP should be able to see the routing cookie and be able to emit the routing cookie itself. Consequently, EAP customers traditionally configure HAProxy like this:
cookie INGRESSCOOKIE preserve indirect
Additionally, because EAP needs to be able to emit its own routing cookie, we need a way to configure the contents of the cookie such that it aligns with the value expected by HAProxy. Currently, the OpenShift router for HAProxy uses a hash of various fields of the endpoint (e.g. name, address, port, etc.) for its routing cookie contents and is not currently configurable.
In contrast, the HAProxy ingress controller exposes annotations for all of the above.
e.g.
haproxy-ingress.github.io/affinity: cookie
haproxy-ingress.github.io/backend-server-naming: pod
haproxy-ingress.github.io/session-cookie-dynamic: "false"
haproxy-ingress.github.io/session-cookie-keywords: preserve
haproxy-ingress.github.io/session-cookie-preserve: "true"
This issue was originally filed as: https://github.com/openshift/router/issues/446