ingress-nginx-helm/rootfs/etc/nginx/lua/balancer/sticky.lua

local balancer_resty = require("balancer.resty")
local ck = require("resty.cookie")
local ngx_balancer = require("ngx.balancer")
local split = require("util.split")
local same_site = require("util.same_site")

local _M = balancer_resty:new()
local DEFAULT_COOKIE_NAME = "route"

function _M.cookie_name(self)
  return self.cookie_session_affinity.name or DEFAULT_COOKIE_NAME
end

function _M.new(self)
  local o = {
    alternative_backends = nil,
    cookie_session_affinity = nil,
    traffic_shaping_policy = nil
  }

  setmetatable(o, self)
  self.__index = self

  return o
end

function _M.get_cookie(self)
  local cookie, err = ck:new()
  if not cookie then
    ngx.log(ngx.ERR, err)
  end

  return cookie:get(self:cookie_name())
end

function _M.set_cookie(self, value)
  local cookie, err = ck:new()
  if not cookie then
    ngx.log(ngx.ERR, err)
  end

  local cookie_path = self.cookie_session_affinity.path
  if not cookie_path then
    cookie_path = ngx.var.location_path
  end

  local cookie_samesite = self.cookie_session_affinity.samesite
  if cookie_samesite then
    local cookie_conditional_samesite_none = self.cookie_session_affinity.conditional_samesite_none
    if cookie_conditional_samesite_none
        and cookie_samesite == "None"
        and not same_site.same_site_none_compatible(ngx.var.http_user_agent) then
      cookie_samesite = nil
    end
  end

  if cookie_samesite then
    cookie_path = cookie_path .. "; SameSite=" .. cookie_samesite
  end

  local cookie_data = {
    key = self:cookie_name(),
    value = value,
    path = cookie_path,
    httponly = true,
    secure = ngx.var.https == "on",
  }

  if self.cookie_session_affinity.expires and self.cookie_session_affinity.expires ~= "" then
      cookie_data.expires = ngx.cookie_time(ngx.time() + tonumber(self.cookie_session_affinity.expires))
  end

  if self.cookie_session_affinity.maxage and self.cookie_session_affinity.maxage ~= "" then
    cookie_data.max_age = tonumber(self.cookie_session_affinity.maxage)
  end

  local ok
  ok, err = cookie:set(cookie_data)
  if not ok then
    ngx.log(ngx.ERR, err)
  end
end

function _M.get_last_failure()
  return ngx_balancer.get_last_failure()
end

local function get_failed_upstreams()
  local indexed_upstream_addrs = {}
  local upstream_addrs = split.split_upstream_var(ngx.var.upstream_addr) or {}

  for _, addr in ipairs(upstream_addrs) do
    indexed_upstream_addrs[addr] = true
  end

  return indexed_upstream_addrs
end

local function should_set_cookie(self)
  local host = ngx.var.host
  if ngx.var.server_name == '_' then
    host = ngx.var.server_name
  end

  if self.cookie_session_affinity.locations then
    local locs = self.cookie_session_affinity.locations[host]
    if locs == nil then
      -- Based off of wildcard hostname in ../certificate.lua
      local wildcard_host, _, err = ngx.re.sub(host, "^[^\\.]+\\.", "*.", "jo")
      if err then
        ngx.log(ngx.ERR, "error: ", err);
      elseif wildcard_host then
        locs = self.cookie_session_affinity.locations[wildcard_host]
      end
    end

    if locs ~= nil then
      for _, path in pairs(locs) do
        if ngx.var.location_path == path then
          return true
        end
      end
    end
  end

  return false
end

function _M.balance(self)
  local upstream_from_cookie

  local key = self:get_cookie()
  if key then
    upstream_from_cookie = self.instance:find(key)
  end

  local last_failure = self.get_last_failure()
  local should_pick_new_upstream = last_failure ~= nil and self.cookie_session_affinity.change_on_failure or
    upstream_from_cookie == nil

  if not should_pick_new_upstream then
    return upstream_from_cookie
  end

  local new_upstream

  new_upstream, key = self:pick_new_upstream(get_failed_upstreams())
  if not new_upstream then
    ngx.log(ngx.WARN, string.format("failed to get new upstream; using upstream %s", new_upstream))
  elseif should_set_cookie(self) then
    self:set_cookie(key)
  end

  return new_upstream
end

function _M.sync(self, backend)
  -- reload balancer nodes
  balancer_resty.sync(self, backend)

  self.traffic_shaping_policy = backend.trafficShapingPolicy
  self.alternative_backends = backend.alternativeBackends
  self.cookie_session_affinity = backend.sessionAffinityConfig.cookieSessionAffinity
end

return _M
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`local balancer_resty = require("balancer.resty")`
			`local ck = require("resty.cookie")`
Added support for annotation `session-cookie-change-on-failure` 1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`). 2. Added tests to check both cases. 3. Updated docs. Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com> 2019-04-29 13:20:30 +00:00			`local ngx_balancer = require("ngx.balancer")`
			`local split = require("util.split")`
Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-22 20:19:16 +00:00			`local same_site = require("util.same_site")`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00
Converted sticky session balancers into separate classes. 2019-08-30 16:07:24 +00:00			`local _M = balancer_resty:new()`
Fix session-cookie-* annotation reloading 2019-02-19 22:27:08 +00:00			`local DEFAULT_COOKIE_NAME = "route"`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00
Fix session-cookie-* annotation reloading 2019-02-19 22:27:08 +00:00			`function _M.cookie_name(self)`
			`return self.cookie_session_affinity.name or DEFAULT_COOKIE_NAME`
			`end`

Converted sticky session balancers into separate classes. 2019-08-30 16:07:24 +00:00			`function _M.new(self)`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`local o = {`
Converted sticky session balancers into separate classes. 2019-08-30 16:07:24 +00:00			`alternative_backends = nil,`
			`cookie_session_affinity = nil,`
			`traffic_shaping_policy = nil`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`}`
Converted sticky session balancers into separate classes. 2019-08-30 16:07:24 +00:00
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`setmetatable(o, self)`
			`self.__index = self`
Converted sticky session balancers into separate classes. 2019-08-30 16:07:24 +00:00
			`return o`
Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 09:40:29 +00:00			`end`

			`function _M.get_cookie(self)`
			`local cookie, err = ck:new()`
			`if not cookie then`
			`ngx.log(ngx.ERR, err)`
			`end`

			`return cookie:get(self:cookie_name())`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`end`

Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 09:40:29 +00:00			`function _M.set_cookie(self, value)`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`local cookie, err = ck:new()`
			`if not cookie then`
			`ngx.log(ngx.ERR, err)`
			`end`

Fix session-cookie-* annotation reloading 2019-02-19 22:27:08 +00:00			`local cookie_path = self.cookie_session_affinity.path`
Add annotation for session affinity path 2018-11-19 14:15:24 +00:00			`if not cookie_path then`
			`cookie_path = ngx.var.location_path`
			`end`

Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-22 20:19:16 +00:00			`local cookie_samesite = self.cookie_session_affinity.samesite`
			`if cookie_samesite then`
			`local cookie_conditional_samesite_none = self.cookie_session_affinity.conditional_samesite_none`
			`if cookie_conditional_samesite_none`
			`and cookie_samesite == "None"`
			`and not same_site.same_site_none_compatible(ngx.var.http_user_agent) then`
			`cookie_samesite = nil`
			`end`
			`end`

			`if cookie_samesite then`
			`cookie_path = cookie_path .. "; SameSite=" .. cookie_samesite`
			`end`

Support cookie expires 2018-10-29 07:21:10 +00:00			`local cookie_data = {`
Fix session-cookie-* annotation reloading 2019-02-19 22:27:08 +00:00			`key = self:cookie_name(),`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`value = value,`
Add annotation for session affinity path 2018-11-19 14:15:24 +00:00			`path = cookie_path,`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`httponly = true,`
[1759] Ingress affinity session cookie with Secure flag for HTTPS Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com> 2018-12-04 09:51:52 +00:00			`secure = ngx.var.https == "on",`
Support cookie expires 2018-10-29 07:21:10 +00:00			`}`

Fix session-cookie-* annotation reloading 2019-02-19 22:27:08 +00:00			`if self.cookie_session_affinity.expires and self.cookie_session_affinity.expires ~= "" then`
			`cookie_data.expires = ngx.cookie_time(ngx.time() + tonumber(self.cookie_session_affinity.expires))`
Support cookie expires 2018-10-29 07:21:10 +00:00			`end`

Fix session-cookie-* annotation reloading 2019-02-19 22:27:08 +00:00			`if self.cookie_session_affinity.maxage and self.cookie_session_affinity.maxage ~= "" then`
			`cookie_data.max_age = tonumber(self.cookie_session_affinity.maxage)`
Support cookie expires 2018-10-29 07:21:10 +00:00			`end`

			`local ok`
			`ok, err = cookie:set(cookie_data)`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`if not ok then`
			`ngx.log(ngx.ERR, err)`
			`end`
			`end`

Added support for annotation `session-cookie-change-on-failure` 1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`). 2. Added tests to check both cases. 3. Updated docs. Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com> 2019-04-29 13:20:30 +00:00			`function _M.get_last_failure()`
			`return ngx_balancer.get_last_failure()`
			`end`

bugfix: check all previously failing upstreams, not just the last one 2019-06-06 20:40:59 +00:00			`local function get_failed_upstreams()`
			`local indexed_upstream_addrs = {}`
			`local upstream_addrs = split.split_upstream_var(ngx.var.upstream_addr) or {}`

			`for _, addr in ipairs(upstream_addrs) do`
			`indexed_upstream_addrs[addr] = true`
			`end`

			`return indexed_upstream_addrs`
simplify sticky balancer 2019-06-06 16:51:38 +00:00			`end`

			`local function should_set_cookie(self)`
Fix sticky session for ingress without host 2019-12-28 22:56:13 +00:00			`local host = ngx.var.host`
			`if ngx.var.server_name == '_' then`
			`host = ngx.var.server_name`
			`end`

			`if self.cookie_session_affinity.locations then`
			`local locs = self.cookie_session_affinity.locations[host]`
Adds Wilcard check for hostname. Adds wildcard hostname tests. 2019-08-21 23:17:42 +00:00			`if locs == nil then`
			`-- Based off of wildcard hostname in ../certificate.lua`
Fix sticky session for ingress without host 2019-12-28 22:56:13 +00:00			`local wildcard_host, _, err = ngx.re.sub(host, "^[^\\.]+\\.", "*.", "jo")`
Adds Wilcard check for hostname. Adds wildcard hostname tests. 2019-08-21 23:17:42 +00:00			`if err then`
			`ngx.log(ngx.ERR, "error: ", err);`
Code Review changes. Remove duplicate tests. 2019-08-26 15:22:07 +00:00			`elseif wildcard_host then`
			`locs = self.cookie_session_affinity.locations[wildcard_host]`
Adds Wilcard check for hostname. Adds wildcard hostname tests. 2019-08-21 23:17:42 +00:00			`end`
			`end`

simplify sticky balancer 2019-06-06 16:51:38 +00:00			`if locs ~= nil then`
			`for _, path in pairs(locs) do`
			`if ngx.var.location_path == path then`
			`return true`
			`end`
			`end`
			`end`
			`end`

			`return false`
			`end`

refactor lua balancer and fix ipv6 issue 2018-05-30 21:14:28 +00:00			`function _M.balance(self)`
simplify sticky balancer 2019-06-06 16:51:38 +00:00			`local upstream_from_cookie`
Added support for annotation `session-cookie-change-on-failure` 1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`). 2. Added tests to check both cases. 3. Updated docs. Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com> 2019-04-29 13:20:30 +00:00
Fixed review findings. 2019-09-24 08:46:02 +00:00			`local key = self:get_cookie()`
Added support for annotation `session-cookie-change-on-failure` 1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`). 2. Added tests to check both cases. 3. Updated docs. Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com> 2019-04-29 13:20:30 +00:00			`if key then`
			`upstream_from_cookie = self.instance:find(key)`
			`end`

simplify sticky balancer 2019-06-06 16:51:38 +00:00			`local last_failure = self.get_last_failure()`
fix lua lints 2019-07-08 17:51:24 +00:00			`local should_pick_new_upstream = last_failure ~= nil and self.cookie_session_affinity.change_on_failure or`
			`upstream_from_cookie == nil`
Added support for annotation `session-cookie-change-on-failure` 1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`). 2. Added tests to check both cases. 3. Updated docs. Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com> 2019-04-29 13:20:30 +00:00
simplify sticky balancer 2019-06-06 16:51:38 +00:00			`if not should_pick_new_upstream then`
			`return upstream_from_cookie`
Added support for annotation `session-cookie-change-on-failure` 1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`). 2. Added tests to check both cases. 3. Updated docs. Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com> 2019-04-29 13:20:30 +00:00			`end`

fix lua lints 2019-07-08 17:51:24 +00:00			`local new_upstream`

Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 09:40:29 +00:00			`new_upstream, key = self:pick_new_upstream(get_failed_upstreams())`
simplify sticky balancer 2019-06-06 16:51:38 +00:00			`if not new_upstream then`
			`ngx.log(ngx.WARN, string.format("failed to get new upstream; using upstream %s", new_upstream))`
			`elseif should_set_cookie(self) then`
Fixed review findings. 2019-09-24 08:46:02 +00:00			`self:set_cookie(key)`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`end`

Added support for annotation `session-cookie-change-on-failure` 1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`). 2. Added tests to check both cases. 3. Updated docs. Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com> 2019-04-29 13:20:30 +00:00			`return new_upstream`
refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`end`

Fix session-cookie-* annotation reloading 2019-02-19 22:27:08 +00:00			`function _M.sync(self, backend)`
Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 09:40:29 +00:00			`-- reload balancer nodes`
Fix session-cookie-* annotation reloading 2019-02-19 22:27:08 +00:00			`balancer_resty.sync(self, backend)`

Converted sticky session balancers into separate classes. 2019-08-30 16:07:24 +00:00			`self.traffic_shaping_policy = backend.trafficShapingPolicy`
			`self.alternative_backends = backend.alternativeBackends`
Fix session-cookie-* annotation reloading 2019-02-19 22:27:08 +00:00			`self.cookie_session_affinity = backend.sessionAffinityConfig.cookieSessionAffinity`
			`end`

refactor balancer into more testable and extensible interface 2018-05-18 21:36:43 +00:00			`return _M`