Posted on 02-22-2021 07:30 PM
Hey everyone, I'll try to get to the point as quickly as possible.
We have our JAMF deployment in AWS; RDS, Memcache, Cloudfront, and ECS hosting the web applications.
Things have been working just fine for the few years we've had this running; however, we are encountering a problem:
Our company is spinning off into a new AWS account; so we're looking to migrate application by application. Unfortunately JAMF falls in the forgotten space between our Engineering org and IT; so not a whole lot of help on that front.
At this point, every piece of infrastructure has been successfully migrated. RDS, memcached, Cloudfront DP are all in the new account. We're having issues with the Tomcat deploy, however. Currently getting the error in the title when logging into the JSS UI; and for the life of me I can't imagine why. We've had this setup utilizing Okta for SSO for over a year:
Jamf URL ( AWS ALB ) -> Okta -> Jamf URL ( AWS ALB ) -> JSS
Again, never has been an issue until now. The only thing I can possibly think of is that the DNS Authority is currently in the old account so therefore is not an origin for the domain. I'm not too familiar with the way these headers work, but the full URL comes through as the origin as expected (exactly as it did on ECS), but it seems to register as a cross-origin request.
Any help or things to check out would be so much appreciated. In the final week of this account migration and Jamf is one of our last applications to get on over. Thank you!
Edit: Well, I decided to scale down the new deployment to one singular pod (which sets itself as the Master). When the single pod is the only thing the service points to, everything seems to work just fine and dandy. Scaling up in any way whatsoever puts me back into a situation where the iframes won't load in my browser due to a mismatch in origin. The strange thing is that the target group has stickiness enabled; and should not be hopping hosts willy-nilly. Headed to bed for the night, but once again any ideas on where to look next would be great!
Basing my Ingress/Service/StatefulSet off JAMF's manifests here:
https://github.com/jamf/kubernetesManifests
Only thing different is that MySQL is in RDS, and memcached is in Redis, not all within the cluster.