Add session persistence conformance tests #4482
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||
|---|---|---|---|---|---|---|---|---|
|
|
@@ -1064,8 +1064,6 @@ supported by some implementations due to their current designs. | |||||||
|
|
||||||||
| ### Conformance Details | ||||||||
|
|
||||||||
| ### Open Questions | ||||||||
|
|
||||||||
| - What happens when session persistence causes traffic splitting scenarios to overload a backend? | ||||||||
|
|
@@ -1077,6 +1075,24 @@ TODO | |||||||
| - How do we provide a standard way to communicate that an implementation does not support Route Rule API? | ||||||||
salonichf5 marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||||
| - Do we want something conceptually similar to the `IncompatibleFilters` reason? | ||||||||
|
|
||||||||
|
Contributor
There was a problem hiding this comment. This is not directly relevant to the changes in this PR, but before graduating the feature to Standard it would be good to have clarity about field names. I see In To be in line with the comment in the code snippet, it should ideally be
Contributor
There was a problem hiding this comment. @DamianSawicki I agree with your points. I think |
||||||||
| ## Conformance Details | ||||||||
|
|
||||||||
| ### Feature Names | ||||||||
|
Contributor
There was a problem hiding this comment. What about the support in GRPCRoute and BackendLBPolicy? Is the intention here to prepare conformance tests for the HTTPRoute part and graduate it selectively to Standard, while keeping the rest in Experimental?
Contributor
Author
There was a problem hiding this comment. I think there's been some discussion around BackendLBPolicy to be retired so its been skipped on purpose. I need to add these for GRPR too, good catch
Contributor
There was a problem hiding this comment. I'm good with delaying |
||||||||
|
|
||||||||
| * HTTPRouteSessionPersistence - Base feature for session persistence support | ||||||||
| * HTTPRouteSessionPersistenceCookie - Cookie-based session persistence (Core) | ||||||||
|
Contributor
There was a problem hiding this comment. What is meant here by gateway-api/geps/gep-1619/index.md Lines 619 to 622 in d8bb5d9 Extended rather than Core support on HTTPRoute, and similarly for GRPCRoute and BackendLBPolicy. As per https://gateway-api.sigs.k8s.io/concepts/conformance/#overlapping-support-levels, the entire feature should be in Extended support.
Contributor
There was a problem hiding this comment. Right - you should actually remove |
||||||||
| * HTTPRouteSessionPersistenceCookieLifetimeTypePermanent - Permanent Lifetime for cookie-based session persistence (extended) | ||||||||
|
|
||||||||
|
Contributor
There was a problem hiding this comment. We should probably drop a note that this is still WIP, so folks aren't confused why it's not complete.
Suggested change
|
||||||||
| ### Conformance tests | ||||||||
|
|
||||||||
| | Description | Outcome | Features | | ||||||||
| | :---- | :---- | :---- | | ||||||||
| | Simple Cookie Session Persistence: An HTTPRoute with sessionPersistence configured with type: Cookie (default) on a single backend in gateway-conformance-infra namespace. | HTTPRoute MUST have Accepted=True in parent status. First request MUST receive a Set-Cookie header in response. Subsequent requests with the cookie MUST route to the same backend pod. Verify by checking pod identity across N requests (N>=50). | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | | ||||||||
| | Session Cookie Lifetime (Default): HTTPRoute with sessionPersistence and cookieConfig.lifetimeType: Session (default). | HTTPRoute MUST have Accepted=True in parent status. Cookie MUST NOT contain `expiry` attributes. | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | | ||||||||
salonichf5 marked this conversation as resolved.
Show resolved
Hide resolved
Contributor
There was a problem hiding this comment. What about the case of two paths in one rule? should they be shared? I guess it may be technically challenging because there can be only one path specified in Set-Cookie (link). Do we want to specify the behavior here or leave it as implementation specific?
Contributor
Author
There was a problem hiding this comment. I wanted to keep it implementation specific only because how the path is determined for the session could be product specific. For NGINX, we take the longest common prefix of shared sessions for multiple path, and use that. But I would have to do some research for other implementations.
Contributor
There was a problem hiding this comment. Agree, I want to update this in the GEP, it doesn't specify how or if the two paths on the same rule should share. I think it's likely we should prescribe sharing in the GEP, and then we can follow up with a new conformance test. For now, the current tests are fine. |
||||||||
| | Multiple Weighted Backends - Initial Distribution Honored: HTTPRoute with sessionPersistence and multiple backendRefs with weights (e.g., 70/30) on a path. | HTTPRoute MUST have Accepted=True in parent status. Initial requests (without session cookie) MUST respect weight distribution (~70/30 within statistical tolerance). Once session is established, subsequent requests with cookie MUST route to the same backend regardless of weight configuration.| HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie | | ||||||||
| | Session Persistence with cookieConfig.lifetimeType: Permanent and absoluteTimeout: 5min. | HTTPRoute MUST have Accepted=True in parent status. Response Set-Cookie header MUST contain `expiry` attribute. The expiry value MUST correspond to the configured absoluteTimeout duration. Session persistence MUST function correctly until cookie expires. | HTTPRouteSessionPersistence, HTTPRouteSessionPersistenceCookie, HTTPRouteSessionPersistenceCookieLifetimeTypePermanent | | ||||||||
|
Contributor
There was a problem hiding this comment. nit consider moving this down to the bottom, to have the core tests first, then the extended. |
||||||||
| | Session Persistence Scoped to Route Rule: HTTPRoute with two rules: Rule 1 (path /a) and Rule 2 (path /b), both with sessionPersistence configured, routing to the same backend Service with multiple pods. | HTTPRoute MUST have Accepted=True in parent status. Sessions MUST NOT be shared between /a and /b. Verify with: 1) Requests to /a establishes session to Pod-X, 2) Requests to /b may route to any pod (Pod-X or Pod-Y), 3) N Multiple requests to /a with session cookie MUST still route to Pod-X, 4) N Multiple requests to /b with its session cookie MUST route to whichever pod was selected for /b. | HTTPRouteSessionPersistence | | ||||||||
|
|
||||||||
| ## TODO | ||||||||
|
|
||||||||
| The following are items that we intend to resolve in future revisions: | ||||||||
|
|
||||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's remove this section. I think the template has changed a couple times, and what you have below is fine.