Introduction
The Kubernetes Nginx Ingress server, which we described in a previous article, has a default allowed request body size that is quite low to avoid voluntary or involuntary DOS attacks.
You could set it to a higher value in the Ingress server config directly, but it's also possible to use annotations to do it per ingress resource. We think that's a good compromise and allows you to know exactly what is allowed per application.
Prerequesites
None except for having nginx-ingress installed.
In the latest article we installed it in a few seconds using Helm.
Annotations to use
It amounts to just adding these two lines in the metadata: annotations section of the ingress resource:
nginx.ingress.kubernetes.io/proxy-body-size: "600m"
nginx.org/client-max-body-size: "600m"
Here allowing a 600 MB request body.
Here's what a full ingress resource would look like:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: <RESOURCE_NAME>
annotations:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: "600m"
nginx.org/client-max-body-size: "600m"
spec:
tls:
- hosts:
- <HTTPS_HOSTNAME>
secretName: <RESOURCE_NAME>
rules:
- host: <HTTPS_HOSTNAME>
http:
paths:
- backend:
serviceName: <BAKCEND_SERVICE_NAME>
servicePort: <BACKEND_SERVICE_PORT>
path: /
Wherein we're using cert-manager configured as in our first article on the matter.