Implementing Azure AD login for a service running in a K3S cluster, I got a "502 bad gateway" as the final step of the OAuth process. Looking in the nginx logs gave me this: "Upstream sent too big header while reading response header from upstream"
The error message is pretty clear - Azure is POSTing a ginormous header in the form of a cookie with the token etc. as the final step of the OAuth login process. Too big for nginx's default header size limit.
The Fix
Add these annotations to your ingress. You only have to apply them to the specific ingress for the service that has the problem; you don't need to change other ingresses or the general configuration of nginx in your cluster. Adapt the values to suit your needs.
nginx.ingress.kubernetes.io/proxy-body-size: 100m
nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
nginx.ingress.kubernetes.io/proxy-buffering: 'on'
nginx.ingress.kubernetes.io/proxy-buffers-number: '4'
nginx.ingress.kubernetes.io/proxy-max-temp-file-size: 1024m
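To pick a proxy-buffer-size for your own service instead of copying 256k, measure the header block your upstream actually returns on the login callback. The following is an added example, not part of the original post: it sizes the buffer from a captured response, and the sample response, the cookie names, the 4k starting size and the 1.5x headroom factor are all constructed assumptions.

```python
import re

# Constructed sample (assumption): a redirect from a hypothetical upstream app
# that stores the OAuth session in three chunked cookies of 3000 bytes each.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /\r\n"
    + b"".join(
        b"Set-Cookie: session_C%d=" % i + b"A" * 3000 + b"; Path=/; Secure; HttpOnly\r\n"
        for i in range(1, 4)
    )
    + b"Content-Length: 0\r\n\r\n"
)

_UNITS = {"": 1, "k": 1024, "m": 1024 * 1024}


def parse_nginx_size(text: str) -> int:
    """Convert an nginx size such as '4k' or '1m' to bytes."""
    match = re.fullmatch(r"(\d+)([kKmM]?)", text.strip())
    if not match:
        raise ValueError(f"not an nginx size: {text!r}")
    return int(match.group(1)) * _UNITS[match.group(2).lower()]


def header_block_size(raw: bytes) -> int:
    """Bytes from the status line through the blank line ending the headers."""
    end = raw.find(b"\r\n\r\n")
    if end == -1:
        raise ValueError("no end of headers found in capture")
    return end + 4


def fits(raw: bytes, buffer_size: str) -> bool:
    """True if the whole header block fits in one buffer of that size."""
    return header_block_size(raw) <= parse_nginx_size(buffer_size)


def smallest_buffer(raw: bytes, headroom: float = 1.5) -> str:
    """Smallest power-of-two size in KB (from 4k up) that holds headers plus headroom."""
    needed = header_block_size(raw) * headroom
    size_kb = 4  # assumed starting point; check your controller's default
    while size_kb * 1024 < needed:
        size_kb *= 2
    return f"{size_kb}k"


if __name__ == "__main__":
    print(header_block_size(SAMPLE_RESPONSE), "header bytes ->", smallest_buffer(SAMPLE_RESPONSE))
```

Feed it the raw response bytes from your own login callback (for example from a proxy capture) and use the result as the proxy-buffer-size value.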