Kubernetes ingress-nginx sticky session isn't working with spring security
Following change fixed the problem. Without a host definition in rules, ingress-nginx doesn't set session cookie.
There is an open issue: https://github.com/kubernetes/ingress-nginx/issues/3989
apiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-nginx annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/session-cookie-name: "route" nginx.ingress.kubernetes.io/session-cookie-expires: "172800" nginx.ingress.kubernetes.io/session-cookie-max-age: "172800" nginx.ingress.kubernetes.io/session-cookie-path: /ingress-test # UPDATE THIS LINE ABOVEspec: rules: - host: www.domainname.com http: paths: - path: /ingress-test backend: serviceName: ingress-test servicePort: 31080
The reason spring changes the cookie is to prevent session fixation (more information can be found here: https://www.owasp.org/index.php/Session_fixation).In your case you are using the same cookie for the sticky routing policy that is used by spring for session handling.
I suggest to use a different cookie name - it will be created by nginx and there is no need to use a cookie that is used by the application.