Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence Data Center Cluster on Azure Kubernetes Service

Tom Scholten
Tom Scholten April 20, 2020

A Confluence Data Center Cluster has to be implemented to serve a fluctuating 15000 concurrent users. Kubernetes is chosen as the orchestrator for managing the instances needed for the load. Currently, a cluster is running as a proof of concept with three nodes. All is working fine, except for the administrative functions. 

When secure administration sessions are turned on in the security configuration, there are issues regarding a security token that is invalid when making any change. After some research, this issue is most probably in relation to the WebSudo token that is sent in the request. When secure administration sessions are turned off, changes show an error that the session has expired.

Because of the load balancer that is on top of the three pods that are running, there is a small possibility that the request is sent to the same instance as before. In that case, it is actually possible to make changes. Based on this, there is probably a key for the administrative functions that is stored on the instance and is not shared between.

How should this issue be fixed? What is the location of the keys of the adminstrative functions an could it be volume mounted between pods?

Answer
Watch
Like # people like this
1165 views

2 answers

1 accepted

0 votes
Answer accepted
Reto Gehring _Valiantys_
Reto Gehring _Valiantys_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 20, 2020

Hi Tom,

Just to be sure, did you configure session affinity?  You should configure the setup in away that once logged-in the session is always sent to the same node.

Reto

View More Comments
Tom Scholten
Tom Scholten April 20, 2020

Hi,

I added the sessionAffinity to the definition.

spec:
  sessionAffinityClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds900

Any recommendation on value for timeoutSeconds? Since this will also be used for regular users not using the administrative functions.

Like
Reto Gehring _Valiantys_
Reto Gehring _Valiantys_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 20, 2020

That's a tricky question.

 

The websudo will last for 10 minutes by default.

The user session on Confluence will be maintained over 60 minutes of inactivity by default.

Depending on your security requirements this might change.

If you keep the defaults, I would keep the session affinity slightly higher than 60 minutes.

Like
Reply
0 votes
Gefter Chongong
Gefter Chongong March 3, 2021

Tom,

Could you share with us your k8s manifest? What cluster discovery mode you are using and how you configured cluster peers.

 

Thanks 

View More Comments
Phong Vũ Quốc
Phong Vũ Quốc March 9, 2022

Yeah, would like to see the manifest as well...

We got some problem with cluster discovery mode in GCP.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events