Merge pull request #1861 from renatovassaomb/rv/istio-primary-cookie-name-support

Feat: Add support for stickiness for primary deployment in Istio

Author: stefanprodan

artifacts/flagger/crd.yaml

@@ -1250,6 +1250,9 @@ spec:
                 sessionAffinityCookie:
                   description: Session affinity cookie of the current canary run
                   type: string
+                primarySessionAffinityCookie:
+                  description: Primary session affinity cookie of the current canary run
+                  type: string
                 previousSessionAffinityCookie:
                   description: Session affinity cookie of the previous canary run
                   type: string

charts/flagger/crds/crd.yaml

@@ -1250,6 +1250,9 @@ spec:
                 sessionAffinityCookie:
                   description: Session affinity cookie of the current canary run
                   type: string
+                primarySessionAffinityCookie:
+                  description: Primary session affinity cookie of the current canary run
+                  type: string
                 previousSessionAffinityCookie:
                   description: Session affinity cookie of the previous canary run
                   type: string

docs/gitbook/tutorials/istio-progressive-delivery.md

@@ -404,6 +404,9 @@ You can load `app.example.com` in your browser and refresh it until you see the
 All subsequent requests after that will be served by `podinfo:6.0.1` and not `podinfo:6.0.0` because of the session affinity
 configured by Flagger with Istio.
 
+To configure stickiness for the Primary deployment to ensure fair weighted traffic routing, please
+checkout the [deployment strategies docs](../usage/deployment-strategies.md#canary-release-with-session-affinity).
+
 ## Traffic mirroring
 
 ![Flagger Canary Traffic Shadowing](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-canary-traffic-mirroring.png)

docs/gitbook/usage/deployment-strategies.md

@@ -474,7 +474,7 @@ can also configure stickiness for the Primary deployment. You can configure this
       primaryCookieName: primary-flagger-cookie
 ```
 
-> Note: This is only supported for the Gateway API provider for now.
+> Note: This is only supported for the Gateway API and Istio providers for now.
 
 Let's understand what the above configuration does. All the session affinity stuff in the above section
 still occurs, but now the response header for requests routed to the primary deployment also include a

kustomize/base/flagger/crd.yaml

@@ -1250,6 +1250,9 @@ spec:
                 sessionAffinityCookie:
                   description: Session affinity cookie of the current canary run
                   type: string
+                primarySessionAffinityCookie:
+                  description: Primary session affinity cookie of the current canary run
+                  type: string
                 previousSessionAffinityCookie:
                   description: Session affinity cookie of the previous canary run
                   type: string

pkg/apis/flagger/v1beta1/canary.go

@@ -706,9 +706,9 @@ func (c *Canary) DeploymentStrategy() string {
 }
 
 // BuildCookie returns the cookie that should be used as the value of a Set-Cookie header
-func (s *SessionAffinity) BuildCookie(cookieName string) string {
+func (s *SessionAffinity) BuildCookie(cookieName string, maxAge int) string {
 	cookie := fmt.Sprintf("%s; %s=%d", cookieName, "Max-Age",
-		s.GetMaxAge(),
+		maxAge,
 	)
 
 	if s.Domain != "" {

pkg/apis/flagger/v1beta1/status.go

@@ -78,6 +78,8 @@ type CanaryStatus struct {
 	// +optional
 	SessionAffinityCookie string `json:"sessionAffinityCookie,omitempty"`
 	// +optional
+	PrimarySessionAffinityCookie string `json:"primarySessionAffinityCookie,omitempty"`
+	// +optional
 	TrackedConfigs *map[string]string `json:"trackedConfigs,omitempty"`
 	// +optional
 	LastAppliedSpec string `json:"lastAppliedSpec,omitempty"`

pkg/router/gateway_api.go

@@ -492,7 +492,10 @@ func (gwr *GatewayAPIRouter) getSessionAffinityRouteRules(canary *flaggerv1.Cana
 		if canary.Status.SessionAffinityCookie == "" {
 			canary.Status.SessionAffinityCookie = fmt.Sprintf("%s=%s", canary.Spec.Analysis.SessionAffinity.CookieName, randSeq())
 		}
-		primaryCookie := fmt.Sprintf("%s=%s", canary.Spec.Analysis.SessionAffinity.PrimaryCookieName, randSeq())
+		// if the status doesn't have the primary cookie, then generate a new primary cookie.
+		if canary.Status.PrimarySessionAffinityCookie == "" {
+			canary.Status.PrimarySessionAffinityCookie = fmt.Sprintf("%s=%s", canary.Spec.Analysis.SessionAffinity.PrimaryCookieName, randSeq())
+		}
 
 		// add response modifier to the canary backend ref in the rule that does weighted routing
 		// to include the canary cookie.
@@ -503,7 +506,7 @@ func (gwr *GatewayAPIRouter) getSessionAffinityRouteRules(canary *flaggerv1.Cana
 				Add: []v1.HTTPHeader{
 					{
 						Name:  setCookieHeader,
-						Value: canary.Spec.Analysis.SessionAffinity.BuildCookie(canary.Status.SessionAffinityCookie),
+						Value: canary.Spec.Analysis.SessionAffinity.BuildCookie(canary.Status.SessionAffinityCookie, canary.Spec.Analysis.SessionAffinity.GetMaxAge()),
 					},
 				},
 			},
@@ -522,10 +525,8 @@ func (gwr *GatewayAPIRouter) getSessionAffinityRouteRules(canary *flaggerv1.Cana
 				ResponseHeaderModifier: &v1.HTTPHeaderFilter{
 					Add: []v1.HTTPHeader{
 						{
-							Name: setCookieHeader,
-							Value: fmt.Sprintf("%s; %s=%d", primaryCookie, maxAgeAttr,
-								int(interval.Seconds()),
-							),
+							Name:  setCookieHeader,
+							Value: canary.Spec.Analysis.SessionAffinity.BuildCookie(canary.Status.PrimarySessionAffinityCookie, int(interval.Seconds())),
 						},
 					},
 				},
@@ -566,7 +567,7 @@ func (gwr *GatewayAPIRouter) getSessionAffinityRouteRules(canary *flaggerv1.Cana
 		// primary cookie and send them to the primary backend, only if a primary cookie name has
 		// been specified.
 		if canary.Spec.Analysis.SessionAffinity.PrimaryCookieName != "" {
-			cookieKeyAndVal = strings.Split(primaryCookie, "=")
+			cookieKeyAndVal = strings.Split(canary.Status.PrimarySessionAffinityCookie, "=")
 			regexMatchType = v1.HeaderMatchRegularExpression
 			primaryCookieMatch := v1.HTTPRouteMatch{
 				Headers: []v1.HTTPHeaderMatch{

pkg/router/gateway_api_v1beta1.go

@@ -424,7 +424,7 @@ func (gwr *GatewayAPIV1Beta1Router) getSessionAffinityRouteRules(canary *flagger
 						Add: []v1beta1.HTTPHeader{
 							{
 								Name:  setCookieHeader,
-								Value: canary.Spec.Analysis.SessionAffinity.BuildCookie(canary.Status.SessionAffinityCookie),
+								Value: canary.Spec.Analysis.SessionAffinity.BuildCookie(canary.Status.SessionAffinityCookie, canary.Spec.Analysis.SessionAffinity.GetMaxAge()),
 							},
 						},
 					},