Nginx ingress controller 400 error when request header is "too long"

9/14/2018

NGINX Ingress controller version: 0.18.0 Kubernetes version (use kubectl version): 1.11.1 Cloud provider or hardware configuration: Azure (AKS) Install tools: helm

What happened: The Ingress controller gives a 400 error with a certain GET when a request url/header is "too long".

What you expected to happen: The request is passed on to the correct service and pod.

How to reproduce it (as minimally and precisely as possible): We use keycloak for authentication. When a user logs in a GET is done with an access token that is generated by keycloak. The access token gives a user certain rights within the application. Users have roles that gives them other/more permissions. When a user has a lot of roles the access token get significally longer which causes the 400 on the ingres controller. With a user with less roles it works fine and we can see the GET request being passed on to the right service..

Anything else we need to know: We already tried adjusting header buffer sizes etc from 4k to 8 and 16k but that didn't do anything. I set the ingress controller loglevel to debug, but it doesn't give any more info on the 400 error.

-- bramvdk
azure
azure-kubernetes
kubernetes
kubernetes-helm
kubernetes-ingress

1 Answer

9/14/2018

We solved this issue by also setting the backend service, a Spring Boot service with embedded Tomcat, configuration with server.max-http-header-size: 64000. So the Nginx service and the backend service settings had to be raised.

-- King Nike
Source: StackOverflow