Support Questions

Find answers, ask questions, and share your expertise

Ngnix ingress issue with Nifi clustering

avatar
New Contributor

Hi There,

 

I have deployed Apache NiFi with 3 nodes in kubernetes cluster.  The Nginx ingress works fine with one node but not with more than one node with keycloak integration with OIDC.  The session affinity setting as ClientIP in nifi service or session affinity annotation setting as "cookie" in Nginx ingress definition doesn't solve this issue. 

 

Error displayed on Nifi UI page after keycloak authenticaation is as below:

 

Unable to continue login sequence 
The login request identifier was not found in the request. Unable to continue.
 
There is no exception is user.log or app.log
 
Any ideas?
1 REPLY 1

avatar
Explorer

Hi @AjitKS ,

 

I suppose that your issue is due the fact the request start in the pod A and the redirect goes to the pod B, so they can't finish the login properly.

 

A suggestion that could help you to solve this issue, try to add a stick session on your ingress, this sticks the current session in a specific pod and will resolve your issue.

Here is a snipped of the configuration:

    nginx.ingress.kubernetes.io/affinity"cookie"
    nginx.ingress.kubernetes.io/session-cookie-name"route"
    nginx.ingress.kubernetes.io/session-cookie-hash"sha1"
    nginx.ingress.kubernetes.io/session-cookie-expires"172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age"172800"
    nginx.ingress.kubernetes.io/affinity-modepersistent