sav*_*vas 3 spring spring-security kubernetes sticky-session
我有一个有状态的 Spring 应用程序,我想将其部署到 kubernetes 集群。该应用程序将有多个实例,因此我需要使用 ingress-nginx 控制器启用静态会话。我做了以下配置:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nginx
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "JSESSIONID"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
nginx.ingress.kubernetes.io/session-cookie-path: /ingress-test
# UPDATE THIS LINE ABOVE
spec:
rules:
- http:
paths:
- path: /ingress-test
backend:
serviceName: ingress-test
servicePort: 31080
如果登录成功,ingress-nginx 将后续请求重定向到正确的 pod。然而,它有时会在 JSESSIONID 更改后立即切换到其他 pod(JSESSIONID cookie 在成功登录后由 spring-security 更改),并且即使用户凭据正确,前端也会重定向回登录页面。有人尝试过 ingress-nginx 和 spring-security 吗?
此致
以下更改解决了问题。如果规则中没有主机定义,ingress-nginx 不会设置会话 cookie。
有一个未解决的问题:https ://github.com/kubernetes/ingress-nginx/issues/3989
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nginx
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "route"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
nginx.ingress.kubernetes.io/session-cookie-path: /ingress-test
# UPDATE THIS LINE ABOVE
spec:
rules:
- host: www.domainname.com
http:
paths:
- path: /ingress-test
backend:
serviceName: ingress-test
servicePort: 31080
| 归档时间: |
|
| 查看次数: |
7272 次 |
| 最近记录: |