dsessler7
commented
2 years ago As indicated above, the CLI command for canary deploy needs to ask the user if they want to use sticky sessions or not and then send an "isSticky" boolean value accordingly.
I set the 'httpOnly' and 'secure' flags which are used in conjunction with the Set-Cookie header that Traefik is setting. These flags essentially help guard against XSS and man-in-the-middle attacks, respectively. There is also a "sameSite" property which I did not set as there are multiple options. Maybe future work should include asking the user what setting they would want for that, but I figured for now leaving it off is fine.
I tested with catnip and tested with "isSticky" set both true and false and it behaved as expected. I also tested the change traffic weight routes which works. I actually had to use the "template of a template" approach that I used to allow app scaling to get the traffic weight changing to work. I only tested deploying canary, changing weight, and rolling the canary back. I don't think any of the other functionality should be affected by this change, but feel free to test them out before approving the merge. I can also do more thorough testing tomorrow. Guess we should probably test this with the DB-backed todos app.
MFatigati
API's canary deploy route now expects a "isSticky" boolean key/value in the body.
Co-authored-by: Michael Fatigati fatigati.michael@gmail.com Co-authored-by: Samantha Lipari samanthalipari@gmail.com Co-authored-by: Brendan Leal leal.brendan@gmail.com