Container Gateway: Connection issues with Policy Manager

book

Article ID: 221887

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

We are working to setup environment with container gateway and having issue to connect from policy manager with below details.

  • Our pods are up and running on EKS cluster

  • Trying to connect from policy manager using the external ip 
  • Having below issue: i was able to connect but failed with same timeout issue immediately.

  • Logs from pods

{"package":"com.l7tech.server.admin.AdminSessionManager","level":"WARNING","log":{"client-ip":"10.58.158.18","message":"Admin session/cookie not found: \u003cnot shown\u003e.","listen-port":"Default HTTPS (8443)"},"time":"2021-07-30T20:17:55.002+0000"}

Cause

Gateway in Microsoft azure environment as a container (cloud/.elK) deployment with multiple gateway pods PODS 

Problem Policy manager(PM) access:  When authentication occurs it’s request is processed by one POD then goes to the next POD.  In this flow the session for PM is not known.  Results:   “Gateway Inactivity session timeout has been reached”

This type of deployment is not tested/certified, however we do provide best effort 

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/congw-10-1/install-configure-upgrade/differences-between-the-container-gateway-and-appliance-gateway.html

 

Environment

Release : 10.0

Component : API GATEWAY

Resolution

Workaround 

For the load balancer to handle the sticky session probably needs to add the following, so it will always route traffic from a particular IP to a pod.

 sessionAffinity: ClientIP

  sessionAffinityConfig:

    clientIP:

      timeoutSeconds: 10800