Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only with contour global auth enabled, when I performed a HTTP Post with large content via envoy created by contour, the following error occurred. #5372

Closed
kahirokunn opened this issue May 16, 2023 · 2 comments
Closed

Only with contour global auth enabled, when I performed a HTTP Post with large content via envoy created by contour, the following error occurred. #5372

kahirokunn opened this issue May 16, 2023 · 2 comments
Labels
kind/question Categorizes an issue as a user question.

Comments

@kahirokunn
Copy link

kahirokunn commented May 16, 2023
edited
Loading

What steps did you take and what happened:

HTTP Status: 413
Response Body: Payload Too Large

htpasswd auth log

{"level":"info","ts":1684239116.7860026,"logger":"auth.htpasswd","msg":"checking request","host":"","path":"/api/v1/stream/applications?name=add-ons&appNamespace=argocd","id":"2929414755306897313"}

htpasswd deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: htpasswd
  namespace: projectcontour-auth
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/name: htpasswd
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: htpasswd
    spec:
      containers:
      - args:
        - htpasswd
        - --address=:9443
        command:
        - /contour-authserver
        image: projectcontour/contour-authserver:v2
        imagePullPolicy: IfNotPresent
        name: htpasswd
        ports:
        - containerPort: 9443
          name: auth
          protocol: TCP
        resources:
          limits:
            cpu: 100m
            memory: 90Mi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      priorityClassName: system-cluster-critical
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: htpasswd
      serviceAccountName: htpasswd
      terminationGracePeriodSeconds: 30

envoy log

envoy [2023-05-16T12:12:59.260Z] "PUT /api/v1/applications/add-ons/spec HTTP/1.1" 413 - 11890 17 0 - "xx.xx.xx.xx,yy.yy.yy.yy" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36" "f49f18bf-ce2b-4afd-8e4a-f323ac25e4dd" "argocd-apth2-1-sample-1.i1.suin.appthrust.cloud" "-"

What did you expect to happen:

Anything else you would like to add:

Environment:

  • Contour version: v1.25.0
  • Envoy version: 1.26.1
  • Kubernetes version: (use kubectl version): Server Version: version.Info{Major:"1", Minor:"26+", GitVersion:"v1.26.2-eks-a59e1f0", GitCommit:"8b68f4b95d7121d039ceebd30870e48acc7772e4", GitTreeState:"clean", BuildDate:"2023-03-09T19:59:45Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}
  • Kubernetes installer & version: 1.26
  • Cloud provider or hardware configuration: EKS
  • OS (e.g. from /etc/os-release):
@kahirokunn kahirokunn added kind/bug Categorizes issue or PR as related to a bug. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. labels May 16, 2023
@kahirokunn kahirokunn changed the title I made an HTTP Post with large contents via envoy created by contour and got the following error. Only with contour global auth enabled, when I performed a HTTP Post with large content via envoy created by contour, the following error occurred. May 16, 2023
@skriss
Copy link
Member

skriss commented May 16, 2023

@kahirokunn I would try increasing the maxRequestBytes for the auth server -- this would be in your HTTPProxy at spec.virtualhost.authorization.withRequestBody.maxRequestBytes (see https://projectcontour.io/docs/1.25/config/api/#projectcontour.io/v1.AuthorizationServerBufferSettings). Let us know if that helps.

@skriss skriss added kind/question Categorizes an issue as a user question. and removed kind/bug Categorizes issue or PR as related to a bug. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. labels May 16, 2023
@kahirokunn
Copy link
Author

Thank you very much!
At first I wanted to open the payload size limit, so I set it to 4294967295 bytes and the problem was solved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/question Categorizes an issue as a user question.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@skriss @kahirokunn