Add session persistence conformance tests#4482
Add session persistence conformance tests#4482salonichf5 wants to merge 2 commits intokubernetes-sigs:mainfrom
Conversation
k8s-ci-robot
added
release-note-none
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: salonichf5 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
k8s-ci-robot
added
do-not-merge/hold
|
Hi @salonichf5. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Thanks @salonichf5! /ok-to-test |
|
@robscott: GitHub didn't allow me to request PR reviews from the following users: DamianSawicki. Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
ok-to-test
geps/gep-1619/index.md
Outdated
|
|
||
| | Session Persistence with cookieConfig.lifetimeType: Permanent and absoluteTimeout: 5min. | HTTPRoute MUST have Accepted=True in parent status. Response Set-Cookie header MUST contain `expiry` attribute. The expiry value MUST correspond to the configured absoluteTimeout duration. Session persistence MUST function correctly until cookie expires. | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie, HTTPRouteSessionPersistenceCookiePermanentLifetime | | ||
|
|
||
| | Session Persistence Scoped to Route Rule: HTTPRoute with two rules: Rule 1 (path /a) and Rule 2 (path /b), both with sessionPersistence configured, routing to the same backend Service with multiple pods. | HTTPRoute MUST have Accepted=True in parent status. Sessions MUST NOT be shared between /a and /b. Verify with: 1) Request to /a establishes session to Pod-X, 2) Request to /b may route to any pod (Pod-X or Pod-Y), 3) Subsequent requests to /a with session cookie MUST still route to Pod-X, 4) Subsequent requests to /b with its session cookie MUST route to whichever pod was selected for /b. | HTTPRouteSessionPersistence | |
There was a problem hiding this comment.
- Request to /b may route to any pod (Pod-X or Pod-Y)
To confirm this, we'd also need to send multiple requests. It may be obvious to the author, but perhaps it would be good to spell it out in the GEP for all readers.
Subsequent requests to /b with its session cookie MUST route to whichever pod was selected for /b
Well, with multiple requests it will be multiple pods.
DamianSawicki
left a comment
DamianSawicki
left a comment
There was a problem hiding this comment.
A few more thoughts.
| | :---- | :---- | :---- | | ||
| | Simple Cookie Session Persistence: An HTTPRoute with sessionPersistence configured with type: Cookie (default) on a single backend in gateway-conformance-infra namespace. | HTTPRoute MUST have Accepted=True in parent status. First request MUST receive a Set-Cookie header in response. Subsequent requests with the cookie MUST route to the same backend pod. Verify by checking pod identity across N requests (N>=50). | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | | ||
|
|
||
| | Session Cookie Lifetime (Default): HTTPRoute with sessionPersistence and cookieConfig.lifetimeType: Session (default). | HTTPRoute MUST have Accepted=True in parent status. Cookie MUST NOT contain `expiry` attributes. | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | |
There was a problem hiding this comment.
What about the case of two paths in one rule?
kind: HTTPRoute
metadata:
name: routeX
spec:
rules:
- matches:
- path:
value: /a
- path:
value: /b
backendRefs:
- name: servicev1
sessionPersistence:
name: session
should they be shared? I guess it may be technically challenging because there can be only one path specified in Set-Cookie (link). Do we want to specify the behavior here or leave it as implementation specific?
There was a problem hiding this comment.
I wanted to keep it implementation specific only because how the path is determined for the session could be product specific. For NGINX, we take the longest common prefix of shared sessions for multiple path, and use that. But I would have to do some research for other implementations.
There was a problem hiding this comment.
Agree, I want to update this in the GEP, it doesn't specify how or if the two paths on the same rule should share. I think it's likely we should prescribe sharing in the GEP, and then we can follow up with a new conformance test. For now, the current tests are fine.
| @@ -1077,6 +1077,29 @@ TODO | |||
| - How do we provide a standard way to communicate that an implementation does not support Route Rule API? | |||
| - Do we want something conceptually similar to the `IncompatibleFilters` reason? | |||
|
|
|||
There was a problem hiding this comment.
This is not directly relevant to the changes in this PR, but before graduating the feature to Standard it would be good to have clarity about field names. I see sessionPersistence.sessionName and sessionPersistence.name used interchangeably in the GEP.
In sessionPersistence.sessionName we are repeating "session", which is generally discouraged. It also makes a misleading impression that this feature is about establishing some "session".
To be in line with the comment in the code snippet, it should ideally be sessionPersistence.tokenName, but that's probably overly technical, so perhaps sessionPersistence.name is close enough.
There was a problem hiding this comment.
@DamianSawicki I agree with your points. I think name would work better. I can take this as an action when I update the GEP for #4268.
| ### Feature Names | ||
|
|
||
| * HTTPRouteSessionPersistence - Base feature for session persistence support | ||
| * HTTPRouteSessionPersistenceCookie - Cookie-based session persistence (Core) |
There was a problem hiding this comment.
What is meant here by (Core)? As per
gateway-api/geps/gep-1619/index.md
Lines 619 to 622 in d8bb5d9
Extended rather than Core support on HTTPRoute, and similarly for GRPCRoute and BackendLBPolicy. As per https://gateway-api.sigs.k8s.io/concepts/conformance/#overlapping-support-levels, the entire feature should be in Extended support.
There was a problem hiding this comment.
Right - you should actually remove HTTPRouteSessionPersistenceCookie altogether. The base/generic feature HTTPRouteSessionPersistence is the core functionality of the extended feature, which includes Cookie persistence, so to be consistent with other features, we should keep
HTTPRoute (Core)
│
└─ HTTPRouteSessionPersistence (Extended)
│ ├── Type: Cookie (core for HTTPRouteSessionPersistence)
│ └── LifetimeType: Session (core for HTTPRouteSessionPersistence)
│
└── HTTPRouteSessionPersistenceCookieLifetimeTypePermanent (Extended)
└── LifetimeType: Permanent (Extended)
|
|
||
| ## Conformance Details | ||
|
|
||
| ### Feature Names |
There was a problem hiding this comment.
What about the support in GRPCRoute and BackendLBPolicy? Is the intention here to prepare conformance tests for the HTTPRoute part and graduate it selectively to Standard, while keeping the rest in Experimental?
There was a problem hiding this comment.
I think there's been some discussion around BackendLBPolicy to be retired so its been skipped on purpose. I need to add these for GRPR too, good catch
to just get started initial recommendation was this
There was a problem hiding this comment.
I'm good with delaying BackendTrafficPolicy, as that is being re-considered. For GRPCRoute, you could add it here in this PR if you feel it's simple/similar enough, however I fine to add it in a follow-up PR.
|
@DamianSawicki some things might feel unclear but we are also waiting on @gcs278 update of the GEP as per this issue I have made a note that we need:
@gcs278 I think in your update of the GEP you could tackle point 3. and 4. , if that is okay? |
salonichf5
force-pushed
the
feat/conformance-session-persistence
branch
from
cb7e0a3 to
007d458
Compare
gcs278
left a comment
gcs278
left a comment
There was a problem hiding this comment.
@salonichf5 Thanks for the PR! Looks like a great start. I'm sorry about the delay in reviewing.
| @@ -1077,6 +1077,29 @@ TODO | |||
| - How do we provide a standard way to communicate that an implementation does not support Route Rule API? | |||
| - Do we want something conceptually similar to the `IncompatibleFilters` reason? | |||
|
|
|||
There was a problem hiding this comment.
@DamianSawicki I agree with your points. I think name would work better. I can take this as an action when I update the GEP for #4268.
|
|
||
| ## Conformance Details | ||
|
|
||
| ### Feature Names |
There was a problem hiding this comment.
I'm good with delaying BackendTrafficPolicy, as that is being re-considered. For GRPCRoute, you could add it here in this PR if you feel it's simple/similar enough, however I fine to add it in a follow-up PR.
| ### Feature Names | ||
|
|
||
| * HTTPRouteSessionPersistence - Base feature for session persistence support | ||
| * HTTPRouteSessionPersistenceCookie - Cookie-based session persistence (Core) |
There was a problem hiding this comment.
Right - you should actually remove HTTPRouteSessionPersistenceCookie altogether. The base/generic feature HTTPRouteSessionPersistence is the core functionality of the extended feature, which includes Cookie persistence, so to be consistent with other features, we should keep
HTTPRoute (Core)
│
└─ HTTPRouteSessionPersistence (Extended)
│ ├── Type: Cookie (core for HTTPRouteSessionPersistence)
│ └── LifetimeType: Session (core for HTTPRouteSessionPersistence)
│
└── HTTPRouteSessionPersistenceCookieLifetimeTypePermanent (Extended)
└── LifetimeType: Permanent (Extended)
| * HTTPRouteSessionPersistence - Base feature for session persistence support | ||
| * HTTPRouteSessionPersistenceCookie - Cookie-based session persistence (Core) | ||
| * HTTPRouteSessionPersistenceCookieLifetimeTypePermanent - Permanent Lifetime for cookie-based session persistence (extended) | ||
|
|
There was a problem hiding this comment.
We should probably drop a note that this is still WIP, so folks aren't confused why it's not complete.
| **Note**: Conformance tests are still WIP, and additional test coverage will be added in future PRs. |
| | Simple Cookie Session Persistence: An HTTPRoute with sessionPersistence configured with type: Cookie (default) on a single backend in gateway-conformance-infra namespace. | HTTPRoute MUST have Accepted=True in parent status. First request MUST receive a Set-Cookie header in response. Subsequent requests with the cookie MUST route to the same backend pod. Verify by checking pod identity across N requests (N>=50). | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | | ||
| | Session Cookie Lifetime (Default): HTTPRoute with sessionPersistence and cookieConfig.lifetimeType: Session (default). | HTTPRoute MUST have Accepted=True in parent status. Cookie MUST NOT contain `expiry` attributes. | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | | ||
| | Multiple Weighted Backends - Initial Distribution Honored: HTTPRoute with sessionPersistence and multiple backendRefs with weights (e.g., 70/30) on a path. | HTTPRoute MUST have Accepted=True in parent status. Initial requests (without session cookie) MUST respect weight distribution (~70/30 within statistical tolerance). Once session is established, subsequent requests with cookie MUST route to the same backend regardless of weight configuration.| HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | | ||
| | Session Persistence with cookieConfig.lifetimeType: Permanent and absoluteTimeout: 5min. | HTTPRoute MUST have Accepted=True in parent status. Response Set-Cookie header MUST contain `expiry` attribute. The expiry value MUST correspond to the configured absoluteTimeout duration. Session persistence MUST function correctly until cookie expires. | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie, HTTPRouteSessionPersistenceCookieLifetimeTypePermanent | |
There was a problem hiding this comment.
nit consider moving this down to the bottom, to have the core tests first, then the extended.
| | :---- | :---- | :---- | | ||
| | Simple Cookie Session Persistence: An HTTPRoute with sessionPersistence configured with type: Cookie (default) on a single backend in gateway-conformance-infra namespace. | HTTPRoute MUST have Accepted=True in parent status. First request MUST receive a Set-Cookie header in response. Subsequent requests with the cookie MUST route to the same backend pod. Verify by checking pod identity across N requests (N>=50). | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | | ||
|
|
||
| | Session Cookie Lifetime (Default): HTTPRoute with sessionPersistence and cookieConfig.lifetimeType: Session (default). | HTTPRoute MUST have Accepted=True in parent status. Cookie MUST NOT contain `expiry` attributes. | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | |
There was a problem hiding this comment.
Agree, I want to update this in the GEP, it doesn't specify how or if the two paths on the same rule should share. I think it's likely we should prescribe sharing in the GEP, and then we can follow up with a new conformance test. For now, the current tests are fine.
| @@ -1064,8 +1064,6 @@ supported by some implementations due to their current designs. | |||
|
|
|||
| ### Conformance Details | |||
There was a problem hiding this comment.
Let's remove this section. I think the template has changed a couple times, and what you have below is fine.
| ### Conformance Details |
5 participants
What type of PR is this?
/kind gep
/kind test
Optionally add one or more of the following kinds if applicable:
/area conformance-test
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #4258
Does this PR introduce a user-facing change?:
NONE