Hello, we have jira 9.11.2 deployed via custom helm chart in dc mode. Sometimes our clinets catch the XSRF issue.
We have read https://confluence.atlassian.com/jirakb/xsrf-security-token-missing-or-session-expiring-in-jira-1032258314.html and tried to:
- disable bot
- increase session timeout
- and etc
We have turned on sticky session to ingress and service.
...
Annotations:
cert-manager.io/cluster-issuer: letsencrypt-certs
external-dns.alpha.kubernetes.io/cloudflare-proxied: false
kubernetes.io/ingress.class: public
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/affinity-mode: persistent
...
nginx.ingress.kubernetes.io/proxy-body-size: 500m
nginx.ingress.kubernetes.io/proxy-connect-timeout: 300
nginx.ingress.kubernetes.io/proxy-read-timeout: 1800
nginx.ingress.kubernetes.io/proxy-send-timeout: 300
nginx.ingress.kubernetes.io/ssl-redirect: true
...
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.61.72.5
IPs: 10.61.72.5
Port: http 80/TCP
TargetPort: http/TCP
Endpoints: 10.61.5.6:8080,10.61.8.6:8080
Port: listener-port 40001/TCP
TargetPort: listener-port/TCP
Endpoints: 10.61.5.6:40001,10.61.8.6:40001
Port: object-port 40002/TCP
TargetPort: object-port/TCP
Endpoints: 10.61.5.6:40002,10.61.8.6:40002
Port: multicast-port 40003/TCP
TargetPort: multicast-port/TCP
Endpoints: 10.61.5.6:40003,10.61.8.6:40003
Session Affinity: ClientIP
Events: <none>
Despite that fact some users are redirected to anoter instance and get the XSRF issue.
What to do? What should I pay attention to?
