Add SessionPersistence API as experimental

[gcs278]

From GEP-1619, add BackendLBPolicy with SessionPersistence fields and add the SessionPersistence fields on HTTPRouteRule and GRPCRouteRule as experimental.

/kind feature

What this PR does / why we need it:
Makes SessionPersistence API experimental.

Which issue(s) this PR fixes:
Updates #713

Does this PR introduce a user-facing change?:

BackendLBPolicy has been added to enable session persistence configuration for backends.
A SessionPersistence field has been added to HTTPRoute and GRPCRoute to enable session persistence for routes.

[k8s-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[gcs278]

/cc @robscott @shaneutt @ginayeh

[k8s-ci-robot]

@gcs278: GitHub didn't allow me to request PR reviews from the following users: ginayeh.

Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs.

Details

In response to this:

/cc @robscott @shaneutt @ginayeh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[gcs278]

Should this requirement of having SessionPersistence.AbsoluteTimeout when SessionPersistence.LifetimeType = Permanent be enforced by CEL?

Or should we just allow implementations to decide a valid default?

[robscott]

Good question, I think we should definitely aim to enforce this with CEL. Happy to help figure out what that looks like if it ends up being tricky.

[gcs278]

Added it.

I tested the CEL by hand in my own cluster with the CRD. Are there CRD integration tests for validating CEL that I should add a test case to? I looked around and couldn't find anything.

[robscott]

Yep, sorry I missed this, these tests are part of https://github.com/kubernetes-sigs/gateway-api/tree/main/pkg/test/cel. Here's where we run them in presubmits:

gateway-api/hack/verify-crds-kind.sh

Line 60 in a101a23

go test -v -timeout=120s -count=1 --tags ${CHANNEL} sigs.k8s.io/gateway-api/pkg/test/cel || res=$?

[gcs278]

Ah should I looked a little harder...added a CEL test.

[robscott]

Thanks @gcs278! Just took a quick look at this but so far mostly LGTM.

[robscott]

Good question, I think we should definitely aim to enforce this with CEL. Happy to help figure out what that looks like if it ends up being tricky.

[robscott]

This seems like an awfully long length, what kind of session name would be this long?

[gcs278]

Good question...

I believe I got the max length from https://www.rfc-editor.org/rfc/rfc6265:

Practical user agent implementations have limits on the number and
size of cookies that they can store. General-use user agents SHOULD
provide each of the following minimum capabilities:

o At least 4096 bytes per cookie (as measured by the sum of the
length of the cookie's name, value, and attributes).

But this is the minimum capabilities, so I suppose that's the worst case (smallest supported cookie size)...of the worst case (the entire cookie size is the name...).

So yea 4096 is a somewhat arbitrary. Is it best practice to limit string lengths? Or is it okay to leave unspecified?

[robscott]

Is it best practice to limit string lengths?

Yep, it's been a strong requirement to avoid any kind of unbounded values in Gateway API.

as measured by the sum of the length of the cookie's name, value, and attributes

In the case of cookie-based persistence this would just be the cookie name right? (Not the value or attributes)

[gcs278]

In the case of cookie-based persistence this would just be the cookie name right? (Not the value or attributes)

Correct. SessionName is just the cookie name. I was just trying to find established limits, and the only one I came across was this 4096 bytes value for the whole cookie.

Since I can't find any enforced value, should we start with something reasonable? Maybe 128 or 256?

[robscott]

Let's start with 128 and increase if/when necessary. It's hard for me to think of a use case that would require a longer session name, but I could be missing something.

[gcs278]

128 seems reasonable to start with. I suppose increasing the limit is much easier than decreasing the limit if we need to change it later.

[robscott]

I know you're already on this, but just in case we forget, when #2966 merges, we'll need to update this to be both a list and a local reference.

[candita]

As an experimental feature, does this belong in v1?

[robscott]

Discussed in meeting, but since this is an experimental field and not an entire resource, we have to add it to any API versions that exist for that resource, in this case that includes v1. Importantly we add the <gateway:experimental> tags around this field to ensure it's only accessible if you install the experimental version of this CRD. This is conceptually similar to upstream Kubernetes where new fields added to the v1 Service API are initially guarded by alpha feature gates (but if that feature gate is enabled, the field is accessible as part of the v1 Service API).

[gcs278]

/cc @kflynn

@robscott Updated to include LocalPolicyTargetReference as provided by #2966

[robscott]

Thanks @gcs278!

[robscott]

Suggested change

	TargetRef LocalPolicyTargetReference `json:"targetRef"`
	// +listType=map
	// +listMapKey=group
	// +listMapKey=kind
	// +listMapKey=name
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=16
	TargetRefs []LocalPolicyTargetReference `json:"targetRefs"`

I think this should be a list of object references, and I think this list should be "atomic" as I'd expect to exclusively have one owner, but interested in what others think here.

[robscott]

cc @dprotaso for advice on list type

[dprotaso]

listType=map with keys [group, kind, name] would make sense here. Then different parts of the list could be 'owned' by different people

[robscott]

Sounds good, that likely is far more future proof. Somehow I'd convinced myself that these resources would always have a single owner, but there will likely be at least some edge cases where that's not true. I've updated the original suggestion to reflect your advice @dprotaso.

[gcs278]

Ack. Updated to be a list.

[robscott]

Let's start with 128 and increase if/when necessary. It's hard for me to think of a use case that would require a longer session name, but I could be missing something.

[robscott]

Thanks @gcs278! Will defer to someone else for final LGTM.

/approve

[shaneutt]

Seems like a great huge step to getting something out there that implementations can try to implement and start giving us some feedback 👍

/approve

@gcs278 out of curiosity do you have an implementation that you tested this out with? If you do, would you be opposed to putting some time on our meeting agenda to do a quick demo for us? Would be really cool!

(also in general if you've had a chance to implement this locally and sort of try it out, that could be very valuable)

[shaneutt]

Suggested change

	// SessionPersistence defines the desired state of
	// SessionPersistence.
	// SessionPersistence defines the desired state of SessionPersistence.

[gcs278]

Done.

[shaneutt]

👍

[shaneutt]

👍

[shaneutt]

👍

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gcs278, robscott, shaneutt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [robscott,shaneutt]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gcs278]

Seems like a great huge step to getting something out there that implementations can try to implement and start giving us some feedback 👍

/approve

@gcs278 out of curiosity do you have an implementation that you tested this out with? If you do, would you be opposed to putting some time on our meeting agenda to do a quick demo for us? Would be really cool!

I do not. I would love for an implementation to give this a shot. I will advertise for it in our community meeting.

(also in general if you've had a chance to implement this locally and sort of try it out, that could be very valuable)

+1 - that's one of the reasons I brought up Blitx as a reference implementation. I wish I had a "proving ground" for testing the API. I suppose it can be a real implementation. One of my concerns with the experimental API, is that it's mostly theoretical. I'm open to suggestions.

[robscott]

Thanks @gcs278!

/lgtm
/hold cancel