Description
I'm trying to use the sessionPersistence spec on an HTTPRoute for a Keycloak instance with a deployment that has 3 replicas. I need to apply some type of sticky session so that the consequent requests go to the same keycloak pod but it doesn't seem to work.
Doing some troubleshooting with the network section in the dev screen in Google Chrome made me realize that the gateway isn't applying at all the header cookie to the requests.
Here's my HTTPRoute yaml that for what I imagine should be right:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: authenticator-homebanking-route
namespace: test
spec:
hostnames:
- auth-dev.test.com #example domain
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: gateway-principal
namespace: gloo-system
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ""
kind: Service
name: authenticator-homebanking
port: 80
weight: 1
sessionPersistence:
type: Cookie
sessionName: AUTHCOOKIE
absoluteTimeout: 48h
cookieConfig:
lifetimeType: Permanent
The yaml is accepted and the httproute does like accept traffic and shows the keycloak admin front-end, but when trying to login into it the "TOO_MANY_REDIRECTS" error appear, and it only happens if I have more than one replica 'cause the lack of session affinity/persistence.
I'm using Metallb as load balancer for the external IP.