Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Confluence Data Center Cluster on Azure Kubernetes Service

A Confluence Data Center Cluster has to be implemented to serve a fluctuating 15000 concurrent users. Kubernetes is chosen as the orchestrator for managing the instances needed for the load. Currently, a cluster is running as a proof of concept with three nodes. All is working fine, except for the administrative functions. 

When secure administration sessions are turned on in the security configuration, there are issues regarding a security token that is invalid when making any change. After some research, this issue is most probably in relation to the WebSudo token that is sent in the request. When secure administration sessions are turned off, changes show an error that the session has expired.

Because of the load balancer that is on top of the three pods that are running, there is a small possibility that the request is sent to the same instance as before. In that case, it is actually possible to make changes. Based on this, there is probably a key for the administrative functions that is stored on the instance and is not shared between.

How should this issue be fixed? What is the location of the keys of the adminstrative functions an could it be volume mounted between pods?

2 answers

1 accepted

Hi Tom,

Just to be sure, did you configure session affinity?  You should configure the setup in away that once logged-in the session is always sent to the same node.



I added the sessionAffinity to the definition.


Any recommendation on value for timeoutSeconds? Since this will also be used for regular users not using the administrative functions.

That's a tricky question.


The websudo will last for 10 minutes by default.

The user session on Confluence will be maintained over 60 minutes of inactivity by default.

Depending on your security requirements this might change.

If you keep the defaults, I would keep the session affinity slightly higher than 60 minutes.

0 votes


Could you share with us your k8s manifest? What cluster discovery mode you are using and how you configured cluster peers.



Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence

⚡️NEW Group for Confluence Cloud Admins

Calling all Confluence Cloud Admins!  We created a new Community Group to support your unique needs as Confluence admins. This is a group where you can ask questions, access resou...

113 views 2 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you