IK.AM

@making's tech note


A workaround when scaling out TAP GUI

🗃 {Dev/CaaS/Kubernetes/TAP}
🏷 Kubernetes 🏷 TAP 🏷 TAP GUI 🏷 Tanzu 🏷 ytt 
🗓 Updated at 2022-12-21T00:52:59Z  🗓 Created at 2022-12-21T00:52:59Z {✒️️ Edit  ⏰ History  🗑 Delete}  🇯🇵 Original entry

⚠️ The content of this article is not supported by VMware. Any issues arising from the content of this article are your responsibility and please do not contact VMware Support.

Starting with TAP 1.3, scaling out TAP GUI is supported. You can set replicas in tap-values.yaml like bellow:

tap_gui:
  deployment:
    replicas: 3

But since sessions are not shared across instances, If you have authentication enabled for the TAP GUI, scaling out will make requests round-robin and A successful login can be routed to an instance that is not logged in and then display an authentication error.

Until the TAP GUI fixes this issue, using Contour's Session Affinity, you can the same logged-in user should be routed to the same instance. Create the following overlay to enable Session Affinity for HTTPProxy in TAP GUI.

cat EOF > tap-gui-session-affinity.yaml
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.subset({"kind":"HTTPProxy","metadata":{"name":"tap-gui"}})
---
spec:
  routes:  
  #@overlay/match by=overlay.subset({"services": [{"name": "server"}]}) 
  - services: []
    #@overlay/match missing_ok=True
    loadBalancerPolicy:
      strategy: Cookie
EOF

Create a Secret for the overlay

kubectl -n tap-install create secret generic tap-gui-session-affinity \
  -o yaml \
  --dry-run=client \
  --from-file=tap-gui-session-affinity.yaml\
  | kubectl apply -f-

Set the secret name of the created overlay to package_overlays in tap-values.yaml as follows:

package_overlays:
# ...
- name: tap-gui
  secrets:
  - name: tap-gui-session-affinity
  # ...

Then, update package install

tanzu package installed update -n tap-install tap -f tap-values.yaml