Request header or cookie too large 494

Kubernetes
1

Hello, can you help us with the issue:
Trying to do API gateway - add service, add route and try request to it trough Kubernetes service and it’s work(forward kong-proxy service to localhost), but when create Ingress resource its give us this error.
Also, trying to increase headers, buffers …
kong.conf:
client_body_buffer_size = 64k
nginx_upstream_keepalive = 360
server_tokens = off
nginx_http_ssl_protocols = TLSv1.2 TLSv1.3
proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl
port_maps = 80:8000, 443:8443
nginx_proxy_proxy_busy_buffers_size = 256k
nginx_proxy_proxy_buffer_size = 128k
nginx_proxy_proxy_buffers = 4 256k
nginx_proxy_large_client_header_buffers = 4 64k

kong-proxy service:
kind: Service
apiVersion: v1
metadata:
name: kong-proxy
namespace: kong
annotations:
konghq.com/protocol: https
service.beta.kubernetes.io/aws-load-balancer-type: alb
spec:
ports:
- name: proxy
protocol: TCP
port: 80
targetPort: 8000
nodePort: 32483
- name: proxy-ssl
protocol: TCP
port: 443
targetPort: 8443
nodePort: 31020
selector:
app: ingress-kong
clusterIP: 172.20.19.200
type: NodePort
sessionAffinity: None
externalTrafficPolicy: Cluster
status:
loadBalancer: {}

gateway-ingress:
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: mec-api-gateway
namespace: kong
annotations:
konghq.com/protocols: https
kubernetes.io/ingress.class: kong
spec:
rules:
- host: api-gateway.example.com
http:
paths:
- path: /
backend:
serviceName: kong-proxy
servicePort: 443
status:
loadBalancer:
ingress:
- ip: 10.72.4.168
- ip: 10.72.9.86

2

You have the proxy service configured to use an ALB (possibly–the annotation is there but it’s also set up as a NodePort rather than a LoadBalancer, so I’m not exactly sure what’s up there). Those are HTTP-aware and can enforce their own head limits, which would explain why you don’t see the issue when port-forwarding. Can you check the configuration there and/or use a lower-level load balancer (network or TCP)?