Skip to content

DOCS-826: expand SRA requirements for session affinity, cookies, and LB timeouts#281

Open
harrison-akeyless wants to merge 6 commits into
v1.0from
v1.0_docs-826-sra-requirements-session-affinity
Open

DOCS-826: expand SRA requirements for session affinity, cookies, and LB timeouts#281
harrison-akeyless wants to merge 6 commits into
v1.0from
v1.0_docs-826-sra-requirements-session-affinity

Conversation

@harrison-akeyless
Copy link
Copy Markdown
Collaborator

@harrison-akeyless harrison-akeyless commented May 26, 2026
edited by coderabbitai Bot
Loading

Summary

  • add explicit sticky-session/session-affinity requirements for ingress and cloud load balancers
  • document DB application routing requirement for cookie-based session affinity
  • add session cookie guidance for HTTPS and HTTP lab deployments (DISABLE_SECURE_COOKIE)
  • add cloud/ingress timeout baseline table for long SRA sessions with vendor references

Validation

  • markdownlint (edited markdown files)
  • cspell (edited markdown files)
  • lychee (edited markdown files)

Summary by CodeRabbit

  • Documentation
    • Expanded Secure Remote Access (SRA) requirements documentation with comprehensive setup guidance, including infrastructure requirements, session routing and cookie configuration, timeout alignment per platform, redirect URL allowlisting, and authentication compatibility details.

Review Change Stack

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 26, 2026
edited
Loading

Warning

Review limit reached

@harrison-akeyless, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 41 minutes and 38 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ead71513-7e12-4a54-a3db-565f54b450d6

📥 Commits

Reviewing files that changed from the base of the PR and between ea1b02f and 373bd7c.

📒 Files selected for processing (1)
  • docs/Secure Remote Access/sra-setup/sra-requirements.md
📝 Walkthrough

Walkthrough

This PR expands and reorganizes the SRA requirements documentation by adding a comprehensive Requirements Checklist and Core Infrastructure Requirements section, followed by new detailed sections covering session routing, cookie affinity, timeout alignment, redirect URL allowlisting, and session-recording authentication compatibility.

Changes

SRA Requirements Documentation Expansion

Layer / File(s) Summary
Infrastructure Requirements Baseline
docs/Secure Remote Access/sra-setup/sra-requirements.md		 Adds a Requirements Checklist table and Core Infrastructure Requirements section covering outbound connectivity, Redis dependency, minimum resources, Kubernetes constraints, Gateway CA trust, and Docker Compose profiles.
Session Management and Operational Requirements
docs/Secure Remote Access/sra-setup/sra-requirements.md		 Introduces session routing and cookie affinity requirements (sticky sessions, NGINX annotations, redirect/SAML size limits, connection-mode permissions, secure cookies), session timeout/TTL alignment with vendor timeout table, redirect URL allowlist configuration (Helm and Docker env vars), session-recording authentication guidance, and relocates Port Inventory table.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly Related PRs

Suggested Reviewers

  • EldadH89

Poem

🐰 With whiskers twitched and tail held high,
We've wove new threads through SRA sky—
Infrastructure and sessions aligned,
A checklist thorough, so well-designed!
From sticky sessions to timeouts true,
Requirements bloom in morning's dew. 🌱

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly reflects the main changes: expansion of SRA requirements documentation with specific focus on session affinity, cookies, and load balancer timeouts, which aligns with the detailed additions to the requirements document.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch v1.0_docs-826-sra-requirements-session-affinity

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@harrison-akeyless harrison-akeyless marked this pull request as ready for review May 26, 2026 18:56
coderabbitai[bot]
coderabbitai Bot reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
docs/Secure Remote Access/sra-setup/sra-requirements.md (1)

13-13: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Define acronyms on first use.

The acronyms "SRA" and "ZTWA" are used without definition. As per coding guidelines, define non-obvious acronyms on first use in documentation.

📝 Proposed fix 
-Use this page to validate infrastructure requirements before deploying Akeyless Gateway with Secure Remote Access (SRA) and Zero Trust Web Access (ZTWA).
+Use this page to validate infrastructure requirements before deploying Akeyless Gateway with Secure Remote Access (SRA) and Zero Trust Web Access (ZTWA) capabilities.

Or more explicitly:

-Use this page to validate infrastructure requirements before deploying Akeyless Gateway with Secure Remote Access (SRA) and Zero Trust Web Access (ZTWA).
+Use this page to validate infrastructure requirements before deploying Akeyless Gateway with Secure Remote Access (SRA) and Zero Trust Web Access (ZTWA). SRA provides secure access to remote systems, while ZTWA enables browser-based access with zero trust controls.

As per coding guidelines: "Define non-obvious acronyms on first use in documentation"

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/Secure` Remote Access/sra-setup/sra-requirements.md at line 13, The
acronyms "SRA" and "ZTWA" are used without definition in the sentence "Use this
page to validate infrastructure requirements before deploying Akeyless Gateway
with Secure Remote Access (SRA) and Zero Trust Web Access (ZTWA)"; update that
first occurrence to include each acronym's full form in parentheses (e.g.,
"Secure Remote Access (SRA)" and "Zero Trust Web Access (ZTWA)") so both
acronyms are defined on first use and subsequent instances can use the short
forms.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@docs/Secure` Remote Access/sra-setup/sra-requirements.md:
- Line 13: The acronyms "SRA" and "ZTWA" are used without definition in the
sentence "Use this page to validate infrastructure requirements before deploying
Akeyless Gateway with Secure Remote Access (SRA) and Zero Trust Web Access
(ZTWA)"; update that first occurrence to include each acronym's full form in
parentheses (e.g., "Secure Remote Access (SRA)" and "Zero Trust Web Access
(ZTWA)") so both acronyms are defined on first use and subsequent instances can
use the short forms.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5f17bf36-08be-410f-8d9e-76e445b488a5

📥 Commits

Reviewing files that changed from the base of the PR and between 76bf7a4 and ea1b02f.

📒 Files selected for processing (1)
  • docs/Secure Remote Access/sra-setup/sra-requirements.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@harrison-akeyless harrison-akeyless

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@harrison-akeyless