policy manager has session error when connecting to API gateway on Kubernetes

book

Article ID: 143501

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

The policy manager has no problem connecting to gateway pod if only deploy one gateway pod, but when the replicas is 2 or more, the policy manager fails with error,

“Gateway Inactivity Session Timeout has been reached”

Cause

After policy manager login the gateway, the session info is stored locally in the memory of the gateway node/pod, ie. the session info is not cluster wide.

When the kubernetes proxy route the policy manager traffic to another gateway pod, the gateway pod rejects the request as it has no matching session info.

Environment

container gateway

Resolution

There could be few options, such as kubectl port-forward to a specified pod, but a better options should be expose one more service (for policy manager) with session affinity, for example, (assume that the name of the gateway deployment is gw-dc)

kubectl expose deployment gw-dc --type=NodePort --session-affinity=ClientIP --name=pm-svc

 

Then run command,

kubectl get svc

it will show the new service pm-svc, use that for policy manager connection.