Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Any tips for k8s ingress configuration

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Any tips for k8s ingress configuration

Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: Darren Boss <>
  • Cc: Christopher Bongaarts <>, Alex Poulos <>, "" <>
  • Subject: RE: [grouper-users] Any tips for k8s ingress configuration
  • Date: Wed, 29 Apr 2020 01:07:51 +0000
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZJFvnHjn1d/xwCSm8Lsx/noaPEj4iKdWd3iX/Jh4brM=; b=Z+d+P/NYUXt9QV2D8+eQ/B0eGWUeX/RK2z6ZnkrQJkBSl6fNU02dFBXXWD2chs+5+xLJfYYwWks/+OWrQswV1PImET5UhaQ0biEprJVRhRWY/onZEcOnSGH2l6fPmaGi9PoOjjgpwE/gdwv5bgJ3TZV2QZCuFhYs5iuEomMsfj6VMN4GxKH9mtVb3t/v+11thIln4ZzV5CyIBxqVpzDOZ1ZzvyA4PscFubIq00AfgHkTyJJNiVwVeiu56cBPPvdXcx2SdWRmtb7AdTA/KX/L4d+hTihYb0UZTXxjLVGfEdsuaI6yvj7njcXYOi3hmsTdf/HfY4DGblN3+GBKK6YlmA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=NujLNPfG7rv+83ELkcq/rOarJxH4GkgxrpVzzsVlvwaRHUhpgX0+GZ6WikqbOI2n2ao9Jx96XH+uLIAsczaMJE+BgV4mjyJwBZF571Bm+JHmJji+QtadnWZGMCCPrF4PEhOn1V3qQE4pmu7RwXnUSQKc/FemWyjkEKAQGfQGFkIxxVd5pjcsZ2z2vtKlQv7TM/bxWbnUugflbVHje1L8kvTczoVzrLuXj9LuEiiuTSTk6RnEAgLWDxIU2wJ4cyIpeEtFu5hLzs/sSXXSvxhaAIFqYyeEkYbBLN3fU8gkYJ33FaTNKv19mfF7iVBByGOduhDH1Rnrq6/cva9bfFtcfg==

Ok if its sticky by sourceip  and that goes to one pod/node then you are all set with that.


If you look in developer tools in the browser you should see the network tab and requests with an error. You should see an HTTP error code.  That might help out and let you know whats going on (e.g. redirect to authn or csrf error or something else).  see if oyu can tie that error to the web server logs or tomcat log




From: Darren Boss
Sent: Tuesday, April 28, 2020 9:04 PM
To: Hyzer, Chris <>
Cc: Christopher Bongaarts <>; Alex Poulos <>;
Subject: Re: [grouper-users] Any tips for k8s ingress configuration


For the LB proxy I'm using stream blocks, there are no sticky options for TCP/UDP based proxies. I've added the "hash $remote_addr;" option to the stream backend section so once I've started a session, I'm always going to the same node in the cluster and I've confirmed that my logging %h (remote hostname) and not %a (client ip) and making sure the ip wasn't changing. From there, the connection is handled by the nginx ingress where using a sticky cookie is an option but at this point in the connection, I don't think it really matters since there is only one grouper pod, I'm not running multiple replicas. I'll try sticky on the ingress and on the service as well just to make sure.


It seems like the proxy-body-size has improved things but perhaps it's just a placebo. After a while I did get the ajax error message and I searched the logs looking for error 413 Request Entity Too Large status but didn't see any.

Archive powered by MHonArc 2.6.19.

Top of Page