Advice on using the gitlab helm chart on AKS with application gateway please

Hi
I’m trying to set up gitlab CE on Azure Kubernetes Service (AKS) using the helm charts. our company requires that any web service sits behind an Azure Application Gateway running Web Application Firewall. i’m setting this up as a pod follwong the instructions here: GitHub - Azure/application-gateway-kubernetes-ingress: This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
i’m struggling to get gitlab to accept requests through the WAF - if i point the WAF at the nginx ingress controller or directly at the gitlab webservices instance i get a 502 bad gateway error…

i’ve tried running the helm chart without the ingress controller as well, following the instructions here:

how can i get the gitlab chart to work with an external application gateway on aks?

right - i’ve got gitlab serving the login page via an azure application gateway ingress controller. the answer was to create a ingress config in kubectl and point it at gitlab-webservice-default on port 8080. now however, i am faced with another problem; any attempt to log in, on any browser, from any machine, gets a 422 " The change you requested was rejected" response. i have not yet set up SSL, so it is http throughout, and i disabled certs with these settings in the helm install command:
1. Remove ingress controller
–set nginx-ingress.enabled=false
2. Disable tls
–set certmanager.install=false
–set global.ingress.configureCertmanager=false

any ideas?