-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nginx Ingress - 400 Bad Request: Request Header Or Cookie Too Large #319
Comments
@qrpike please check if adding |
@aledbf I was looking at that. I have kubernetes self hosted on bare metal so I often need to talk across namespaces. As long as I don't enable auth it works fine, enabling auth causes the issues. I worked around this by having the main ingress just point directly to that namespaces services. Gets rid of a network hop as well. Thanks, |
@qrpike please reopen if you still have issues |
Hello, We are experiencing same problem . ingress version: gcr.io/google_containers/nginx-ingress-controller:0.8.3 I have added large-client-header-buffers: "4 16k" into configMap - but it was not propagated to to pod.
apiVersion: v1 |
@MilanDasek This is because ( i found out recently ) that the ingress controller actually listens in ALL namespaces. You get that header-buffer because it's doing a ton of redirects between your namespaces before finally arriving at the location ( based on luck of finally getting through ). Thats why you only get it sometimes. So you should make 1 ingress controller deployment/daemonset in default namespace or where ever you like. And create the ingresses for your services in that services namespace. The ingress controller will see it and route the traffic accordingly. I was shocked too, but it works. |
I am sorry, I would like to be sure I do understand. So Nginx Ingress Controller (basically Nginx server) should be deployed in "default" namespace and all ingresses for all services should be in "default" namespace as well, instead of respective namespaces where underlying services are sitting? That means I have to deploy this ingress to "default" namespace (for example) apiVersion: extensions/v1beta1
Correct? |
@MilanDasek No, nginx ingress controller should be in default, and the ingress's should be in whichever namespace that service is in. The ingress MUST be in the same namespace as the service it is routing to. |
@qrpike so it is exactly how I have it set now. nginx ingress controller in default NS So what is the idea then? |
@MilanDasek Then it should work as expected. You dont need namespace in front of your service name. eg: |
Well but it isn't sometimes. I would like still to have a possibility to change large-client-header-buffers: "4 16k" |
@MilanDasek Check to make sure you dont have ingress's or services in the wrong namespaces. |
@MilanDasek you can change that setting using the configuration configmap. |
I have this apiVersion: v1 but when I search in nginx.conf in ingress I got only |
@MilanDasek client_max_body_size is configured with |
@MilanDasek just in case this feature is not present in 08.3. You need to use one of the 0.9 betas. |
@aledbf that is the problem, I use 0.8.3 ,but when I use 0.9.0-beta2, TCP stream stops working. my config: ingress RC I found out I have to change but tcp does not work I am following https://github.com/kubernetes/ingress/tree/master/controllers/nginx |
@MilanDasek can we close this then? |
Yes, thank you. |
Whenever I have a ingress controller which proxies to an ingress controller in a different namespace, I sometimes get "400 Bad Request: Request Header Or Cookie Too Large"
Note that I am also using Basic Auth on the second ingress controller.
Thanks,
The text was updated successfully, but these errors were encountered: