NGINX Ingress controller version: 0.18.0 Kubernetes version (use kubectl version): 1.11.1 Cloud provider or hardware configuration: Azure (AKS) Install tools: helm

What happened: The Ingress controller gives a 400 error with a certain GET when a request url/header is "too long".

What you expected to happen: The request is passed on to the correct service and pod.

How to reproduce it (as minimally and precisely as possible): We use keycloak for authentication. When a user logs in a GET is done with an access token that is generated by keycloak. The access token gives a user certain rights within the application. Users have roles that gives them other/more permissions. When a user has a lot of roles the access token get significally longer which causes the 400 on the ingres controller. With a user with less roles it works fine and we can see the GET request being passed on to the right service..

Anything else we need to know: We already tried adjusting header buffer sizes etc from 4k to 8 and 16k but that didn't do anything. I set the ingress controller loglevel to debug, but it doesn't give any more info on the 400 error.