ingress-nginx 1.12 & allow-snippet-annotations

As many might currently be updating nginx ingress controller to 1.12.1 (due to the recent CVEs), a word of caution if you've been using allow-snippet-annotations before.

Starting with ingress-nginx 1.12 there's a new feature, that allows to filter annotations by risk using annotations-risk-level. Snippet annotations are considered critical - the default filter allows everything up to high.

Long story short: Setting allow-snippet-annotations: true enables snippet annotations in general, the annotations-risk-level will still filter them out.

Quick fix: Add annotations-risk-level: Critical if you need to allow-snippet-annotations: true.
Real fix: Get rid of snippet annotations!