There are multiple authentication nodes behind load balancer and have sticky session configured to make sure authentication request sent to the same node.
It only appeared in Chrome, but Firefox worked fine.
Here is the first request, INGRESSCOOKIE was set in response headers
Below is the second subsequent request. set-cookie INGRESSCOOKIE was set again in response headers, while it's expected to be attached in request headers. This appeared in Chrome only
Firefox worked fine without the same issue, below is the second request in Firefox with INGRESSCOOKIE attached in request headers. Any ideas what caused the issue?
The issue was
path:?(.*)inINGRESSCOOKIE, it may be a defect related to this https://github.com/kubernetes/ingress-nginx/issues/6812It appeared that FF sees it matches everything, but Chrome doesn't match anything and remove the ingresscookie from request header from all subsequence request, and caused the login failed.
the workaround was adding
nginx.ingress.kubernetes.io/session-cookie-path: "/"explicitly