Azure AKS Kubernetes NGINX Ingress Header error but changing buffer defaults not working

1/10/2020

I'm redeploying an Azure AKS cluster that is working, but I'm getting an error from the NGINX Ingress on the new one.

The old cluster was created 1 or 2 years ago and used Helm 2 and the version of NGINX that was current at that time.

When creating the new cluster I'm using Helm 3 and latest Nginx Ingress chart with Nginx 1.17.6

I can get the cluster up and running but when I attempt to login to the application I get 502 Bad Gateway. Checking the log I see

2020/01/10 18:48:21 [error] 41#41: *20 upstream sent too big header while reading response header from upstream, client: 68.101.50.197, server: www.mywebsite.com, request: "POST /signin-oidc HTTP/1.1", upstream: "http://10.244.1.43:80/signin-oidc", host: "www.mywebsite.com", referrer: "https://login.microsoftonline.com/"
68.101.50.197 - - [10/Jan/2020:18:48:21 +0000] "POST /signin-oidc HTTP/1.1" 502 559 "https://login.microsoftonline.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36" "-"

This application uses Azure AD login and Microsoft server does a big Post-back to complete the login.

I remember having a similar problem when I created the original cluster but I thought I resolved it by increasing the Nginx buffers. However, I'm trying to do that now and I'm not seeing any change.

Here is the command I'm using to install the Helm chart. (run from Powershell)

helm uninstall my-ingress;
helm install my-ingress nginx-stable/nginx-ingress `
    --set "controller.config.proxy-buffers=4 256k,controller.config.proxy-buffer-size=512k" `
    --set controller.replicaCount=3 `
    --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux `
    --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux;

Question is, what am I doing wrong? How can I fix this so the login Post-back succeeds? Or, how can I find out if there is a different error?

-- Zack
azure-aks
kubernetes
nginx
nginx-ingress

0 Answers