I started using APISIX, and everything works fairly smoothly out of the box. I managed to get cert-manager to work as well.
However, after enabling gateway.ingress I started running into 400 Bad Request - Request Header Or Cookie Too Large errors.
values.yaml:

```yaml
gateway:
  ingress:
    enabled: true
    className: "apisix"
    annotations: {
      cert-manager.io/cluster-issuer: letsencrypt
    }
    hosts:
      - host: api.domain.ltd
        paths: [/*]
    tls:
      - secretName: api-domain-ltd-tls
        hosts:
          - api.domain.ltd
```

After some debugging I realized that what's going on is that the upstream of the /* route created by apisix-ingress-controller is using pass_host: pass, which results in a loop, and the 400 Bad Request occurs after n tries.
At least, that's the theory, since changing it to pass_host: node solves the problem, and this is replicable through the apisix pod. Solving the problem in the sense that it will return {"error_msg":"404 Route Not Found"}.
As a side note, this doesn't occur when you define an additional path, i.e. /path, to a different upstream. That will resolve fine.
Anyway, what is the recommended way to deal with this situation? Am I supposed to use a different path, patch the upstream, just let it 400 if there's no specific path specified? Or am I missing something entirely?
I would generally ignore it and let it 400, but it seems relatively prone to (D)DoS attacks due to the fact you can use it to amplify traffic (request * nretries).
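
One way to check a deployment for the condition described above, as an added example that is not part of the original post: it scans route and upstream objects shaped like those returned by the APISIX Admin API and flags routes whose upstream points back at the gateway itself while `pass_host` is `pass`. The sample data and the gateway Service name `apisix-gateway.ingress-apisix.svc` are constructed assumptions.

```python
import json

# Constructed sample shaped like APISIX Admin API objects (not from the post).
# "apisix-gateway.ingress-apisix.svc" is an assumed name for the gateway's own Service.
SAMPLE = json.loads("""
{
  "upstreams": {
    "u1": {"nodes": {"apisix-gateway.ingress-apisix.svc:80": 1}},
    "u2": {"nodes": [{"host": "apisix-gateway.ingress-apisix.svc", "port": 80, "weight": 1}],
           "pass_host": "node"},
    "u3": {"nodes": {"backend.default.svc:8080": 1}, "pass_host": "pass", "retries": 2}
  },
  "routes": [
    {"id": "r1", "hosts": ["api.domain.ltd"], "uris": ["/*"], "upstream_id": "u1"},
    {"id": "r2", "hosts": ["api.domain.ltd"], "uris": ["/*"], "upstream_id": "u2"},
    {"id": "r3", "host": "api.domain.ltd", "uri": "/path", "upstream_id": "u3"}
  ]
}
""")


def node_hosts(upstream):
    """Return the set of node hostnames; APISIX accepts nodes as a dict or a list."""
    nodes = upstream.get("nodes") or {}
    if isinstance(nodes, dict):
        # Dict form uses "host:port" keys mapped to weights.
        return {key.rsplit(":", 1)[0] for key in nodes}
    return {n["host"] for n in nodes}


def find_self_loops(config, gateway_hosts):
    """Flag routes that proxy back to the gateway while keeping the client's Host header."""
    findings = []
    for route in config["routes"]:
        # A route carries either an inline upstream or a reference by upstream_id.
        up = route.get("upstream") or config["upstreams"].get(route.get("upstream_id"), {})
        pass_host = up.get("pass_host", "pass")  # "pass" is the APISIX default
        # With "pass" the Host header is unchanged, so the same route matches again.
        if pass_host == "pass" and node_hosts(up) & set(gateway_hosts):
            findings.append(route["id"])
    return findings


if __name__ == "__main__":
    print(find_self_loops(SAMPLE, ["apisix-gateway.ingress-apisix.svc"]))
```
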