I have the following headless service in my kubernetes cluster :

apiVersion: v1
kind: Service
metadata:
  labels:
    app: foobar
  name: foobar
spec:
  clusterIP: None
  clusterIPs:
  - None
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: foobar
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  type: ClusterIP

Behind are running couple of pods managed by a statefulset.

Lets try to reach my pods individually :

• Running an alpine pod to contact my pods :

> kubectl run alpine -it --tty --image=alpine -- sh

• Adding curl to fetch webpage :

alpine#> add apk curl

• I can curl into each of my pods :

alpine#> curl -s pod-1.foobar
hello from pod 1
alpine#> curl -s pod-2.foobar
hello from pod 2

It works just as expected.

Now I want to have a service that will loadbalance between my pods. Let's try to use that same foobar service :

alpine#> curl -s foobar
hello from pod 1
alpine#> curl -s foobar
hello from pod 2

It works just well. At least almost : In my headless service, I have specified sessionAffinity. As soon as I run a curl to a pod, I should stick to it.

I've tried the exact same test with a normal service (not headless) and this time it works as expected. It load balances between pods at first run BUT then stick to the same pod afterwards.

Why sessionAffinity doesn't work on a headless service ?

CodePudding user response：

The affinity capability is provided by kube-proxy, only connection establish thru the proxy can have the client IP "stick" to a particular pod for a period of time. In case of headless, your client is given a list of pod IP(s) and it is up to your client app. to select which IP to connect. Because the order of IP(s) in the list is not always the same, typical app. that always pick the first IP will result to connect to the backend pod randomly.