From 175c08df50dbbd96ab7854dd5228224544e2a839 Mon Sep 17 00:00:00 2001
From: Anatolii Bazko <abazko@redhat.com>
Date: Wed, 13 May 2026 11:58:11 +0200
Subject: [PATCH 1/2] chore: Configure maxResponseBodySize for traefik

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
---
 pkg/deploy/gateway/traefik_config.go      |  7 ++++---
 pkg/deploy/gateway/traefik_config_util.go | 10 +++++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/pkg/deploy/gateway/traefik_config.go b/pkg/deploy/gateway/traefik_config.go
index 0c359c63ea..63d3fa38c1 100644
--- a/pkg/deploy/gateway/traefik_config.go
+++ b/pkg/deploy/gateway/traefik_config.go
@@ -62,9 +62,10 @@ type TraefikConfigStripPrefix struct {
 }
 
 type TraefikConfigForwardAuth struct {
-	Address            string            `json:"address"`
-	TrustForwardHeader bool              `json:"trustForwardHeader"`
-	TLS                *TraefikConfigTLS `json:"tls,omitempty"`
+	Address             string            `json:"address"`
+	TrustForwardHeader  bool              `json:"trustForwardHeader"`
+	TLS                 *TraefikConfigTLS `json:"tls,omitempty"`
+	MaxResponseBodySize *int              `json:"maxResponseBodySize,omitempty"`
 }
 
 type TraefikConfigErrors struct {
diff --git a/pkg/deploy/gateway/traefik_config_util.go b/pkg/deploy/gateway/traefik_config_util.go
index 78b96a71cd..fa67ad776a 100644
--- a/pkg/deploy/gateway/traefik_config_util.go
+++ b/pkg/deploy/gateway/traefik_config_util.go
@@ -12,6 +12,8 @@
 
 package gateway
 
+import "k8s.io/utils/pointer"
+
 const (
 	StripPrefixMiddlewareSuffix   = "-strip-prefix"
 	HeaderRewriteMiddlewareSuffix = "-header-rewrite"
@@ -88,8 +90,9 @@ func (cfg *TraefikConfig) AddOpenShiftTokenCheck(componentName string) {
 	cfg.HTTP.Routers[componentName].Middlewares = append(cfg.HTTP.Routers[componentName].Middlewares, middlewareName)
 	cfg.HTTP.Middlewares[middlewareName] = &TraefikConfigMiddleware{
 		ForwardAuth: &TraefikConfigForwardAuth{
-			Address:            "https://kubernetes.default.svc/apis/user.openshift.io/v1/users/~",
-			TrustForwardHeader: true,
+			Address:             "https://kubernetes.default.svc/apis/user.openshift.io/v1/users/~",
+			TrustForwardHeader:  true,
+			MaxResponseBodySize: pointer.Int(1048576),
 			TLS: &TraefikConfigTLS{
 				InsecureSkipVerify: true,
 			},
@@ -102,7 +105,8 @@ func (cfg *TraefikConfig) AddAuth(componentName string, authAddress string) {
 	cfg.HTTP.Routers[componentName].Middlewares = append(cfg.HTTP.Routers[componentName].Middlewares, middlewareName)
 	cfg.HTTP.Middlewares[middlewareName] = &TraefikConfigMiddleware{
 		ForwardAuth: &TraefikConfigForwardAuth{
-			Address: authAddress,
+			Address:             authAddress,
+			MaxResponseBodySize: pointer.Int(1048576),
 		},
 	}
 }

From aec4f9b0787a2fad90266481c2b0e3472dc8be88 Mon Sep 17 00:00:00 2001
From: Anatolii Bazko <abazko@redhat.com>
Date: Wed, 13 May 2026 13:49:05 +0200
Subject: [PATCH 2/2] chore: Configure maxResponseBodySize for traefik

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
---
 pkg/deploy/gateway/traefik_config_util.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/deploy/gateway/traefik_config_util.go b/pkg/deploy/gateway/traefik_config_util.go
index fa67ad776a..7fee4a9cce 100644
--- a/pkg/deploy/gateway/traefik_config_util.go
+++ b/pkg/deploy/gateway/traefik_config_util.go
@@ -92,7 +92,7 @@ func (cfg *TraefikConfig) AddOpenShiftTokenCheck(componentName string) {
 		ForwardAuth: &TraefikConfigForwardAuth{
 			Address:             "https://kubernetes.default.svc/apis/user.openshift.io/v1/users/~",
 			TrustForwardHeader:  true,
-			MaxResponseBodySize: pointer.Int(1048576),
+			MaxResponseBodySize: pointer.Int(16384), // 16KB
 			TLS: &TraefikConfigTLS{
 				InsecureSkipVerify: true,
 			},
@@ -106,7 +106,7 @@ func (cfg *TraefikConfig) AddAuth(componentName string, authAddress string) {
 	cfg.HTTP.Middlewares[middlewareName] = &TraefikConfigMiddleware{
 		ForwardAuth: &TraefikConfigForwardAuth{
 			Address:             authAddress,
-			MaxResponseBodySize: pointer.Int(1048576),
+			MaxResponseBodySize: pointer.Int(16384), // 16KB
 		},
 	}
 }