
ingress-nginx 1.12 & allow-snippet-annotations

If you need to use snippet annotations (why?) on ingress-nginx - you'll also need to adjust the annotation filtering.

Daniel Nachtrub

As many might currently be updating the nginx ingress controller to 1.12.1 (due to the recent CVEs), a word of caution if you've been using allow-snippet-annotations before.

Starting with ingress-nginx 1.12 there's a new feature that allows filtering annotations by risk using annotations-risk-level. Snippet annotations are considered critical, while the default filter only allows everything up to high.

Long story short: Setting allow-snippet-annotations: true enables snippet annotations in general, but annotations-risk-level will still filter them out.

Quick fix: Add annotations-risk-level: Critical if you need allow-snippet-annotations: true.
Real fix: Get rid of snippet annotations!
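To find out which Ingress objects are affected before deciding between the quick fix and the real fix, here is an added example (not from the original post) that models the two settings as described above and lists every snippet annotation in a `kubectl get ingress -A -o json` dump. It assumes the default `nginx.ingress.kubernetes.io/` annotation prefix, the snippet annotation names listed in the code, and that allow-snippet-annotations is off when unset; the sample data is constructed.

```python
import json

PREFIX = "nginx.ingress.kubernetes.io/"  # assumed default annotation prefix
RISK_ORDER = ["Low", "Medium", "High", "Critical"]
# Snippet annotation names (assumed list; rated critical, per the post).
SNIPPETS = {"configuration-snippet", "server-snippet", "auth-snippet",
            "modsecurity-snippet", "stream-snippet"}

def snippets_pass(config):
    """True only if both ConfigMap settings let critical snippet annotations through."""
    allowed = config.get("allow-snippet-annotations", "false") == "true"
    level = config.get("annotations-risk-level", "High")  # default allows up to High
    if level not in RISK_ORDER:
        raise ValueError(f"unknown annotations-risk-level: {level!r}")
    return allowed and RISK_ORDER.index(level) >= RISK_ORDER.index("Critical")

def audit(ingress_list, config):
    """List (namespace, name, annotation, status) for every snippet annotation."""
    status = "accepted" if snippets_pass(config) else "filtered"
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        for key in sorted(meta.get("annotations") or {}):
            if key.startswith(PREFIX) and key[len(PREFIX):] in SNIPPETS:
                findings.append((meta.get("namespace"), meta.get("name"), key, status))
    return findings

# Constructed sample in the shape of `kubectl get ingress -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "web", "annotations": {
     "nginx.ingress.kubernetes.io/configuration-snippet": "proxy_hide_header X-Powered-By;",
     "nginx.ingress.kubernetes.io/rewrite-target": "/"}}},
  {"metadata": {"namespace": "blog", "name": "site"}}
]}
""")

if __name__ == "__main__":
    after_upgrade = {"allow-snippet-annotations": "true"}
    quick_fix = dict(after_upgrade, **{"annotations-risk-level": "Critical"})
    for cfg in (after_upgrade, quick_fix):
        print(cfg, audit(SAMPLE, cfg))
```

Every row it reports is also a candidate for the real fix: an annotation to replace so that the risk level can stay at its default.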

Tags: Azure, Cloud, Container, Kubernetes, Linux, Security

Daniel Nachtrub

Kind of likes computers. Linux foundation certified: LFCS / CKA / CKAD / CKS. Microsoft certified: Cybersecurity Architect Expert & Azure Solutions Architect Expert.