Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Confluence Data Center Cluster on Azure Kubernetes Service

A Confluence Data Center Cluster has to be implemented to serve a fluctuating 15000 concurrent users. Kubernetes is chosen as the orchestrator for managing the instances needed for the load. Currently, a cluster is running as a proof of concept with three nodes. All is working fine, except for the administrative functions. 

When secure administration sessions are turned on in the security configuration, there are issues regarding a security token that is invalid when making any change. After some research, this issue is most probably in relation to the WebSudo token that is sent in the request. When secure administration sessions are turned off, changes show an error that the session has expired.

Because of the load balancer that is on top of the three pods that are running, there is a small possibility that the request is sent to the same instance as before. In that case, it is actually possible to make changes. Based on this, there is probably a key for the administrative functions that is stored on the instance and is not shared between.

How should this issue be fixed? What is the location of the keys of the adminstrative functions an could it be volume mounted between pods?

2 answers

1 accepted

Hi Tom,

Just to be sure, did you configure session affinity?  You should configure the setup in away that once logged-in the session is always sent to the same node.

Reto

Hi,

I added the sessionAffinity to the definition.

spec:
sessionAffinityClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds900

Any recommendation on value for timeoutSeconds? Since this will also be used for regular users not using the administrative functions.

That's a tricky question.

 

The websudo will last for 10 minutes by default.

The user session on Confluence will be maintained over 60 minutes of inactivity by default.

Depending on your security requirements this might change.

If you keep the defaults, I would keep the session affinity slightly higher than 60 minutes.

Tom,

Could you share with us your k8s manifest? What cluster discovery mode you are using and how you configured cluster peers.

 

Thanks 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence

Confluence Mythbusters: Does Atlassian even use Confluence?

Hi, Confluence collaborators! As part of #Confluence-Collaboratory month, we’ve created a very special Mythsbusters segment, where we're dive into an interesting myth and uncover the truth behind i...

1,534 views 7 29
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you