Policy Manager has session error when connecting to API Gateway on Kubernetes


Article ID: 143501



CA API Gateway; API SECURITY; CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7); CA API Gateway Enterprise Service Manager (Layer 7); STARTER PACK-7; CA Microgateway


Policy Manager connects to the gateway pod without problems when only one gateway pod is deployed, but when the replica count is 2 or more, Policy Manager fails with the error:

“Gateway Inactivity Session Timeout has been reached”


After Policy Manager logs in to the gateway, the session info is stored locally in the memory of the gateway node/pod, i.e. the session info is not cluster-wide.

When the Kubernetes proxy routes Policy Manager traffic to another gateway pod, that pod rejects the request because it has no matching session info.


container gateway


There are a few options, such as kubectl port-forward to a specific pod, but a better option is to expose one more service (for Policy Manager) with session affinity. For example (assuming that the name of the gateway deployment is gw-dc):

kubectl expose deployment gw-dc --type=NodePort --session-affinity=ClientIP --name=pm-svc


Then run the command:

kubectl get svc

It will show the new service pm-svc; use that service for the Policy Manager connection.
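
A quick check that the new service really pins each client to one gateway pod, and which node port to enter in Policy Manager. This is an added example, not part of the original article: it assumes kubectl is already configured for the cluster and uses the article's service name pm-svc, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the session-affinity settings of the Policy Manager service.
# Assumption: kubectl points at the cluster that runs the gateway deployment.

# Print the sessionAffinity mode of a service (ClientIP or None).
svc_affinity() {
    kubectl get svc "$1" -o jsonpath='{.spec.sessionAffinity}'
}

# Print the ClientIP affinity timeout in seconds (Kubernetes default: 10800).
# After this much idle time the client may be routed to a different pod.
svc_affinity_timeout() {
    kubectl get svc "$1" -o jsonpath='{.spec.sessionAffinityConfig.clientIP.timeoutSeconds}'
}

# Print the node port(s) allocated to a NodePort service.
svc_nodeports() {
    kubectl get svc "$1" -o jsonpath='{.spec.ports[*].nodePort}'
}

# Return 0 if the service uses ClientIP affinity, 1 if it does not,
# 2 if the service cannot be read.
check_pm_service() {
    svc=$1
    affinity=$(svc_affinity "$svc") || {
        echo "cannot read service $svc" >&2
        return 2
    }
    if [ "$affinity" != "ClientIP" ]; then
        echo "$svc: sessionAffinity=$affinity, requests may reach different pods" >&2
        return 1
    fi
    echo "$svc: sessionAffinity=ClientIP timeout=$(svc_affinity_timeout "$svc")s nodePort=$(svc_nodeports "$svc")"
}

# Usage: check_pm_service pm-svc
```

ClientIP affinity is keyed on the source address the service sees, so clients that share one NAT address are all sent to the same pod.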