Skip to content

Feat: Add Support for Cookie Attributes in Session Affinity #1826

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 14, 2025
Merged

Feat: Add Support for Cookie Attributes in Session Affinity #1826

merged 5 commits into from
Oct 14, 2025

Conversation

@renatovassaomb
Copy link
Contributor

@renatovassaomb renatovassaomb commented Sep 11, 2025
edited
Loading

Summary

Adding support for specifying all cookie attributes to Session Affinity except Expires, which doesn't look like it would be useful.

Fixes #1527

Changes

  • Updated Istio router to support all cookie attributes when using session affinity.
  • Updated Gateway API (v1 and v1beta1) routers to support all cookie attributes when using session affinity.

Testing

  1. Init workloads
bash test/workloads/init.sh
  1. Create Canary resource
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: podinfo
  namespace: test
spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: podinfo
  progressDeadlineSeconds: 60
  service:
    port: 9898
    portDiscovery: true
  skipAnalysis: false
  analysis:
    interval: 15s
    threshold: 15
    maxWeight: 30
    stepWeight: 10
    sessionAffinity:
      cookieName: my-cookie
      domain: flagger.app
      httpOnly: true
      maxAge: 1200
      partitioned: true
      path: /app
      sameSite: Strict
      secure: true
    webhooks:
      - name: load-test
        url: http://flagger-loadtester.test/
        timeout: 5s
        metadata:
          type: cmd
          cmd: "hey -z 10m -q 10 -c 2 http://podinfo.test:9898/"
          logCmdOutput: "true"
  1. Trigger canary release
kubectl -n test set image deployment/podinfo podinfod=ghcr.io/stefanprodan/podinfo:6.0.1
  1. Wait for canary to advance and check VirtualService routes
kubectl get vs -n test podinfo -o yaml 

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  annotations:
    helm.toolkit.fluxcd.io/driftDetection: disabled
    kustomize.toolkit.fluxcd.io/reconcile: disabled
  creationTimestamp: "2025-09-11T18:38:19Z"
  generation: 3
  name: podinfo
  namespace: test
  ownerReferences:
  - apiVersion: flagger.app/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: Canary
    name: podinfo
    uid: fa160025-6579-4133-a6a5-6d5600ea9e6b
  resourceVersion: "21157"
  uid: ecd965b5-ab72-4cba-87d0-0204fd283136
spec:
  gateways:
  - mesh
  hosts:
  - podinfo
  http:
  - match:
    - headers:
        Cookie:
          regex: .*my-cookie.*PpzTnjuFDL.*
    name: sticky-route
    route:
    - destination:
        host: podinfo-primary
      weight: 0
    - destination:
        host: podinfo-canary
      weight: 100
  - route:
    - destination:
        host: podinfo-primary
      weight: 90
    - destination:
        host: podinfo-canary
      headers:
        response:
          add:
            Set-Cookie: my-cookie=PpzTnjuFDL; Max-Age=1200; Domain=flagger.app; HttpOnly;
              Partitioned; Path=/app; SameSite=Strict; Secure
      weight: 10

References

@renatovassaomb
Copy link
Contributor Author

renatovassaomb commented Sep 22, 2025

@stefanprodan @aryan9600 Any thoughts?

@renatovassaomb renatovassaomb force-pushed the rv/add-cookie-attributes branch from b67d81d to 0dd9fe9 Compare October 14, 2025 19:00
stefanprodan
stefanprodan reviewed Oct 14, 2025
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please update the docs with all new fields here: https://docs.flagger.app/usage/deployment-strategies#canary-release-with-session-affinity

The source is here: https://github.com/fluxcd/flagger/blob/main/docs/gitbook/usage/deployment-strategies.md#configuring-stickiness-for-primary-deployment

@codecov-commenter
Copy link

codecov-commenter commented Oct 14, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 17.24138% with 24 lines in your changes missing coverage. Please review.
✅ Project coverage is 28.91%. Comparing base (12ee6cb) to head (fab4540).
⚠️ Report is 35 commits behind head on main.

Files with missing lines Patch % Lines
pkg/apis/flagger/v1beta1/canary.go 0.00% 24 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #1826       +/-   ##
===========================================
- Coverage   39.44%   28.91%   -10.54%     
===========================================
  Files         287      287               
  Lines       22706    22909      +203     
===========================================
- Hits         8956     6623     -2333     
- Misses      12777    15561     +2784     
+ Partials      973      725      -248

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@renatovassaomb renatovassaomb force-pushed the rv/add-cookie-attributes branch from 5e873a8 to fab4540 Compare October 14, 2025 20:57
@renatovassaomb
Copy link
Contributor Author

renatovassaomb commented Oct 14, 2025

Thanks for the review @stefanprodan, updated docs with new functionality.

stefanprodan
stefanprodan approved these changes Oct 14, 2025
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @renatovassaomb

@stefanprodan stefanprodan merged commit b772302 into fluxcd:main Oct 14, 2025
30 of 31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

@aryan9600 aryan9600 Awaiting requested review from aryan9600 aryan9600 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow configuring more attributes on the cookie emitted when using Istio canary deployments with session affinity

3 participants

@renatovassaomb @codecov-commenter @stefanprodan