Add annotation to Gerrit-ingresses to allow larger body size
By default the Nginx-ingress blocks large request bodies (> 1 Mb),
which resulted in a returned status of 413, when trying to push commits
containing larger amounts of data.
This change adds an annotation to the ingress for the Gerrit master that
allows to configure the maximum request body size. The size limit is
configurable in the helm chart and defaults to 50 Mb. The annotation,
which already existed in the Apache-git-http-backend component of the
gerrit-slave chart and was set to an unlimited body size, is now also
configurable.
Change-Id: Ib0d6b412f6b1a3ae4aaba9f9848043f9ae02cfc6
diff --git a/helm-charts/gerrit-master/README.md b/helm-charts/gerrit-master/README.md
index dc62a6d..f34736b 100644
--- a/helm-charts/gerrit-master/README.md
+++ b/helm-charts/gerrit-master/README.md
@@ -155,6 +155,7 @@
| `gerritMaster.service.http.port` | Port over which to expose HTTP | `80` |
| `gerritMaster.ingress.host` | REQUIRED: Host name to use for the Ingress (required for Ingress) | `nil` |
| `gerritMaster.ingress.alias` | Optional: ALias host name for the Ingress | `nil` |
+| `gerritMaster.ingress.maxBodySize` | Maximum request body size allowed (Set to 0 for an unlimited request body size) | `50m` |
| `gerritMaster.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
| `gerritMaster.ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
| `gerritMaster.ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
diff --git a/helm-charts/gerrit-master/templates/gerrit-master.ingress.yaml b/helm-charts/gerrit-master/templates/gerrit-master.ingress.yaml
index 64b883d..b72e8b0 100644
--- a/helm-charts/gerrit-master/templates/gerrit-master.ingress.yaml
+++ b/helm-charts/gerrit-master/templates/gerrit-master.ingress.yaml
@@ -7,10 +7,11 @@
chart: {{ template "gerrit-master.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
- {{ if .Values.gerritMaster.ingress.alias -}}
annotations:
+ nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.gerritMaster.ingress.maxBodySize | default "50m" }}
+ {{ if .Values.gerritMaster.ingress.alias -}}
nginx.ingress.kubernetes.io/server-alias: {{ .Values.gerritMaster.ingress.alias }}
- {{- end }}
+ {{- end }}
spec:
{{ if .Values.gerritMaster.ingress.tls.enabled -}}
tls:
@@ -24,4 +25,4 @@
paths:
- backend:
serviceName: {{ .Release.Name }}-gerrit-master-service
- servicePort: {{ .Values.gerritMaster.service.http.port }}
\ No newline at end of file
+ servicePort: {{ .Values.gerritMaster.service.http.port }}
diff --git a/helm-charts/gerrit-master/values.yaml b/helm-charts/gerrit-master/values.yaml
index 4808cfa..32ca249 100644
--- a/helm-charts/gerrit-master/values.yaml
+++ b/helm-charts/gerrit-master/values.yaml
@@ -113,6 +113,9 @@
# Provide a second host name used as an alias. Leave empty, if no alias is
# desired.
alias:
+ # The maximum body size to allow for requests. Use "0" to allow unlimited
+ # reuqest body sizes.
+ maxBodySize: 50m
tls:
enabled: false
cert: |-
diff --git a/helm-charts/gerrit-slave/README.md b/helm-charts/gerrit-slave/README.md
index 3abf951..bc55d6d 100644
--- a/helm-charts/gerrit-slave/README.md
+++ b/helm-charts/gerrit-slave/README.md
@@ -139,6 +139,7 @@
| `gitBackend.ingress.enabled` | Whether to deploy an Ingress | `false` |
| `gitBackend.ingress.host` | Host name to use for the Ingress (required for Ingress) | `nil` |
| `gitBackend.ingress.alias` | Optional: ALias host name for the Ingress | `nil` |
+| `gitBackend.ingress.maxBodySize` | Maximum request body size allowed (Set to 0 for an unlimited request body size) | `50m` |
| `gitBackend.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
| `gitBackend.ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
| `gitBackend.ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
diff --git a/helm-charts/gerrit-slave/templates/gerrit-slave.ingress.yaml b/helm-charts/gerrit-slave/templates/gerrit-slave.ingress.yaml
index 1b6c448..11749f6 100644
--- a/helm-charts/gerrit-slave/templates/gerrit-slave.ingress.yaml
+++ b/helm-charts/gerrit-slave/templates/gerrit-slave.ingress.yaml
@@ -24,4 +24,4 @@
paths:
- backend:
serviceName: {{ .Release.Name }}-gerrit-slave-service
- servicePort: {{ .Values.gerritSlave.service.http.port }}
\ No newline at end of file
+ servicePort: {{ .Values.gerritSlave.service.http.port }}
diff --git a/helm-charts/gerrit-slave/templates/git-backend.ingress.yaml b/helm-charts/gerrit-slave/templates/git-backend.ingress.yaml
index 6d7354d..6b70044 100644
--- a/helm-charts/gerrit-slave/templates/git-backend.ingress.yaml
+++ b/helm-charts/gerrit-slave/templates/git-backend.ingress.yaml
@@ -9,7 +9,7 @@
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.gitBackend.ingress.maxBodySize | default "50m" }}
{{ if .Values.gitBackend.ingress.alias -}}
nginx.ingress.kubernetes.io/server-alias: {{ .Values.gitBackend.ingress.alias }}
{{- end }}
@@ -30,4 +30,4 @@
# TODO: Allow encrypted communication between Ingress and Service
# A possible solution could be the annotation
# nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/helm-charts/gerrit-slave/values.yaml b/helm-charts/gerrit-slave/values.yaml
index 2e464d2..d7ed1f4 100644
--- a/helm-charts/gerrit-slave/values.yaml
+++ b/helm-charts/gerrit-slave/values.yaml
@@ -92,6 +92,9 @@
# Provide a second host name used as an alias. Leave empty, if no alias is
# desired.
alias:
+ # The maximum body size to allow for requests. Use "0" to allow unlimited
+ # reuqest body sizes.
+ maxBodySize: 50m
tls:
enabled: false
cert: |-
