Grouper Users - Open Discussion List

["Hyzer, Chris" <>]

Ok if its sticky by sourceip  and that goes to one pod/node then you are all set with that.

 

If you look in developer tools in the browser you should see the network tab and requests with an error. You should see an HTTP error code.  That might help out and let you know whats going on (e.g. redirect to authn or csrf error or something else).  see if oyu can tie that error to the web server logs or tomcat log

 

 

 

From: Darren Boss
Sent: Tuesday, April 28, 2020 9:04 PM
To: Hyzer, Chris <>
Cc: Christopher Bongaarts <>; Alex Poulos <>;
Subject: Re: [grouper-users] Any tips for k8s ingress configuration

 

For the LB proxy I'm using stream blocks, there are no sticky options for TCP/UDP based proxies. I've added the "hash $remote_addr;" option to the stream backend section so once I've started a session, I'm always going to the same node in the cluster and I've confirmed that my logging %h (remote hostname) and not %a (client ip) and making sure the ip wasn't changing. From there, the connection is handled by the nginx ingress where using a sticky cookie is an option but at this point in the connection, I don't think it really matters since there is only one grouper pod, I'm not running multiple replicas. I'll try sticky on the ingress and on the service as well just to make sure.

 

It seems like the proxy-body-size has improved things but perhaps it's just a placebo. After a while I did get the ajax error message and I searched the logs looking for error 413 Request Entity Too Large status but didn't see any.