Introduction

The Kubernetes Nginx Ingress server, which we described in a previous article, has a default allowed request body size that is quite low to avoid voluntary or involuntary DOS attacks.

You could set it to a higher value in the Ingress server config directly, but it's also possible to use annotations to do it per ingress resource. We think that's a good compromise and allows you to know exactly what is allowed per application.

Prerequesites

None except for having nginx-ingress installed.

In the latest article we installed it in a few seconds using Helm.

Annotations to use

It amounts to just adding these two lines in the metadata: annotations section of the ingress resource:

nginx.ingress.kubernetes.io/proxy-body-size: "600m"
nginx.org/client-max-body-size: "600m"

Here allowing a 600 MB request body.

Here's what a full ingress resource would look like:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: <RESOURCE_NAME>
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: letsencrypt-prod
    ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/proxy-body-size: "600m"
    nginx.org/client-max-body-size: "600m"
spec:
  tls:
  - hosts:
    - <HTTPS_HOSTNAME>
    secretName:  <RESOURCE_NAME>
  rules:
  - host: <HTTPS_HOSTNAME>
    http:
      paths:
      - backend:
          serviceName: <BAKCEND_SERVICE_NAME>
          servicePort: <BACKEND_SERVICE_PORT>
        path: /

Wherein we're using cert-manager configured as in our first article on the matter.