You've successfully subscribed to Nuvotex Blog
Great! Next, complete checkout for full access to Nuvotex Blog
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

ingress-nginx 1.12 & allow-snippet-annotations

If you need to use snippet annotations (why?) on ingress-nginx - you'll also need to adjust the annotation filtering.

Daniel Nachtrub
Daniel Nachtrub

As many might currently be updating nginx ingress controller to 1.12.1 (due to the recent CVEs), a word of caution if you've been using allow-snippet-annotations before.

Starting with ingress-nginx 1.12 there's a new feature, that allows to filter annotations by risk using annotations-risk-level. Snippet annotations are considered critical - the default filter allows everything up to high.

Long story short: Setting allow-snippet-annotations: true enables snippet annotations in general, the annotations-risk-level will still filter them out.

Quick fix: Add annotations-risk-level: Critical if you need to allow-snippet-annotations: true.
Real fix: Get rid of snippet annotations!

AzureCloudContainerKubernetesLinuxSecurity
Daniel Nachtrub

Daniel Nachtrub

Kind of likes computers. Linux foundation certified: LFCS / CKA / CKAD / CKS. Microsoft certified: Cybersecurity Architect Expert & Azure Solutions Architect Expert.

You might also like

Linux kernel keyrings, container isolation and maybe some kerberos

Linux kernel keyrings, container isolation and maybe some kerberos

On a recent project I've been stumbling on the case that kerberos tickets have been inadvertently shared across containers on a node - which obviously caught my attention as I'm not keen on sharing such secrets across workloads. This post describes why this happens and what to do to prevent this.

Daniel Nachtrub
Daniel Nachtrub
Kubernetes
Why you should use rook ceph on kubernetes (onprem)

Why you should use rook ceph on kubernetes (onprem)

If you run kubernetes on your own, you need to provide a storage solution with it. We are using ceph (operated through rook). This article gives some short overview about it's benefits and some pro's and con's of it.

Daniel Nachtrub
Daniel Nachtrub
Cloud

Authors →

Daniel Nachtrub

Kind of likes computers. Linux foundation certified: LFCS / CKA / CKAD / CKS. Microsoft certified: Cybersecurity Architect Expert & Azure Solutions Architect Expert.

Sebastian Augustin

Felix Zimmermann