Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,298,336
Community Members
 
Community Events
165
Community Groups

Confluence Data Center Cluster on Azure Kubernetes Service

A Confluence Data Center Cluster has to be implemented to serve a fluctuating 15000 concurrent users. Kubernetes is chosen as the orchestrator for managing the instances needed for the load. Currently, a cluster is running as a proof of concept with three nodes. All is working fine, except for the administrative functions. 

When secure administration sessions are turned on in the security configuration, there are issues regarding a security token that is invalid when making any change. After some research, this issue is most probably in relation to the WebSudo token that is sent in the request. When secure administration sessions are turned off, changes show an error that the session has expired.

Because of the load balancer that is on top of the three pods that are running, there is a small possibility that the request is sent to the same instance as before. In that case, it is actually possible to make changes. Based on this, there is probably a key for the administrative functions that is stored on the instance and is not shared between.

How should this issue be fixed? What is the location of the keys of the adminstrative functions an could it be volume mounted between pods?

2 answers

1 accepted

Hi Tom,

Just to be sure, did you configure session affinity?  You should configure the setup in away that once logged-in the session is always sent to the same node.

Reto

Hi,

I added the sessionAffinity to the definition.

spec:
sessionAffinityClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds900

Any recommendation on value for timeoutSeconds? Since this will also be used for regular users not using the administrative functions.

That's a tricky question.

 

The websudo will last for 10 minutes by default.

The user session on Confluence will be maintained over 60 minutes of inactivity by default.

Depending on your security requirements this might change.

If you keep the defaults, I would keep the session affinity slightly higher than 60 minutes.

Tom,

Could you share with us your k8s manifest? What cluster discovery mode you are using and how you configured cluster peers.

 

Thanks 

Yeah, would like to see the manifest as well...

We got some problem with cluster discovery mode in GCP.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence

An update on Confluence Cloud customer feedback – June 2022

Hi everyone, We’re always looking at how to improve Confluence and customer feedback plays an important role in making sure we're investing in the areas that will bring the most value to the most c...

179 views 1 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you