Skip to content

NGINX Plus and OSS: Session PersistenceΒ #2676

New issue
New issue
Open
3 of 7 issues completed
Open
NGINX Plus and OSS: Session Persistence#2676
3 of 7 issues completed
Labels
communityepicRepresents an epic. Contains sub-issues
Milestone
v2.3.0
@mpstefan

Description

@mpstefan
mpstefan
opened on Oct 10, 2024

As an application developer using NGF,
I want to route all requests in a given session to the same upstream server,
so that requests do not get sent to other upstreams and sessions are lost.

Goals

  • The requirements are two fold, and can be configured in the UpstreamSettingsPolicy:
  • In NGINX Plus: Full-fledged session persistence using the SessionCookie extension.
  • In NGINX Open Source: Basic session persistence using ip_hash for upstream server selection.
  • NGF users are able to configure session persistence in NGF using one of the methods documented in NGINX Plus documentation (NIC use the the sticky cookie method): https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#session-persistence
  • For OSS, use ip_hash for basic session persistence in the UpstreamSettings Policy.
  • For NGINX Plus, provide users with the ability to configure advanced cookie settings such as httpOnly, secure, and samesite attributes to meet modern security and compliance standards.
  • Integrate session persistence into NGF workflows via HTTPRoute and Gateway API constructs, ensuring simplicity and adherence to Kubernetes-native practices.

See here to learn how NGINX Ingress Controller managed this with a custom Policy: https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/

  • path: Specifies the path for which the cookie is valid. Default should be /.
  • expires: Defines the cookie's expiration time, supporting both time-based (e.g., 1h) and max for long-lived cookies.
  • domain: Allows setting a domain for the cookie.
  • httpOnly: Configures the HttpOnly attribute for enhanced security. Defaults to false.
  • secure: Configures the Secure attribute; must default to false.
  • samesite: Allows configuration of the SameSite attribute with support for strict, lax, and none.

Definition of Done

  • Support cookie-based session persistence for NGINX Plus using the sticky cookie directive.
  • Provide basic IP-based session stickiness for NGINX Open Source using the load balancing method: ip_hash
  • Expose configuration fields consistently via the Gateway API for both implementation types.
  • The extension integrates seamlessly with HTTPRoute and Gateways adheres to Gateway API standards.
  • All configurations are validated, and invalid entries are rejected with clear error messages.
  • Complete user documentation with examples is provided, including configuration fields, usage, and troubleshooting.

Sub-issues

Metadata

Metadata

Assignees

No one assigned

    Labels

    communityepicRepresents an epic. Contains sub-issues

    Type

    No type

    Projects

    NGINX Gateway Fabric

    Status

    πŸ— In Progress

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions