Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usage of configuration-snippet and server snippent issue in 4.12 version #12621

Closed
MichalGarnysz-TomTom opened this issue Jan 2, 2025 · 3 comments
Closed

Usage of configuration-snippet and server snippent issue in 4.12 version #12621

MichalGarnysz-TomTom opened this issue Jan 2, 2025 · 3 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-priority needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@MichalGarnysz-TomTom
Copy link

configuration part pulled newest version

repoURL: https://kubernetes.github.io/ingress-nginx
    targetRevision: ">= 4.9.0"
    chart: ingress-nginx
    helm:
      version: v3
      values: |
        controller:
          service:
            externalTrafficPolicy: Local
            annotations:
              service.beta.kubernetes.io/azure-load-balancer-internal: "true"
              service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz
          allowSnippetAnnotations: true

and we startet to get
"admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: annotation group ServerSnippet contains risky annotation based on ingress configuration"

our services used configuration-snippet like:

     nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "Access-Control-Allow-Origin: $http_origin";
@MichalGarnysz-TomTom MichalGarnysz-TomTom added the kind/bug Categorizes issue or PR as related to a bug. label Jan 2, 2025
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Jan 2, 2025
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@jurim76
Copy link

jurim76 commented Jan 2, 2025

The issue still exists even with disabled validation webhook

I0102 13:07:55.566522       7 store.go:440] "Found valid IngressClass" ingress="tooling/keycloak" ingressclass="nginx"
E0102 13:07:55.567357       7 store.go:938] annotation group ConfigurationSnippet contains risky annotation based on ingress configuration

@Gacko
Copy link
Member

Gacko commented Jan 3, 2025

Duplicate of #12618.

@Gacko Gacko closed this as completed Jan 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-priority needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Projects
[SIG Network] Ingress NGINX
Status: Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Gacko @jurim76 @k8s-ci-robot @MichalGarnysz-TomTom