Hi Everyone,
I need some help with Kong. I have just started playing around Kong.
My high level design:
Kong is sitting behind ALB on an EKS cluster. And Kong is acting as a gateway and forwarding request to the backend services.
ALB → Multi instance Kong → Multi instance backend services(pods)
My use case:
Multiple clients connect with ALB and they upload images. We run multiple instances of backend services as pods. Now we want to send one complete image to one single pod and for this we need session based stickiness.(we can not use IP based stickiness)
If we enabled duration based cookies on ALB for achieving stickiness then traffic from a particular client will go to a particular Kong instance. Now from Kong to backend pods how can I make sure that the traffic should go to a particular pod during an image upload from a client ?
Can we achieve this by using the session plugin provided by Kong ? If yes then how ?
Does session plugin need any other plugin(auth plugin) for generating session ?
Is it possible to achieve stickiness in DBLess mode ?
Do I need to use hash_on, hash_on_cookie, hash_on_cookie_path for achieving stickiness ? If yes then how can I configure it in DBLess mode in the helm chart ?
Thanks
This is my declarative-config.yaml for my Kong running in DBLess mode.
The below config I am using to achieve stickiness. (I have used ALB ingress controller in front of kong gateway and kong gateway is in front of multiple instances of httpserver)
But I am not able to achieve stickiness with the below config, I am not sure what I am missing here.
Can someone please help me with this.
_format_version: "1.1"
services:
- name: httpserver-service
host: httpserver-service-upstream
routes:
- name: duration
paths:
- /api/v1/serverservice/
- name: httpserver-service-health
url: http://httpserver-service.default.svc.cluster.local:8084
routes:
- name: health
paths:
- /api/v1/healthservice/
upstreams:
- name: httpserver-service-upstream
algorithm: "round-robin"
hash_on: "cookie"
hash_on_cookie: "my-test-cookie"
hash_on_cookie_path: "/"
targets:
- target: httpserver-service.default.svc.cluster.local:8084
consumers:
- username: some-consumer-user
custom_id: some-consumer-123
plugins:
- name: session
service: httpserver-service
route: duration
config:
cookie_path: /
cookie_name: my-test-cookie
storage: cookie
cookie_secure: false
cookie_httponly: false
cookie_samesite: None
- name: hmac-auth
service: httpserver-service
config:
validate_request_body: true
enforce_headers:
- date
- request-line
- digest
algorithms:
- hmac-sha512
hmacauth_credentials:
- consumer: some-consumer-user
username: some-auth-user
secret: SOME-SECRET-KEY