Today I found myself needing to configure ingress-nginx. I needed to write a bit of nginx config to rewrite status codes for certain routes. Something like
nginx.ingress.kubernetes.io/configuration-snippet: |-
location /metrics {
return 404;
}
I’ve done this many times in the past, but today I received the following error
Error: UPGRADE FAILED: cannot patch "xyz" with kind Ingress: admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: annotation group ConfigurationSnippet contains risky annotation based on ingress configuration
I already had
allowSnippetAnnotations: true
set, so this was confusing! It turns out, in a recent release (controller 1.12), annotations are flagged by risk. There’s a table [here](https://kubernetes.github.io/in…
Today I found myself needing to configure ingress-nginx. I needed to write a bit of nginx config to rewrite status codes for certain routes. Something like
nginx.ingress.kubernetes.io/configuration-snippet: |-
location /metrics {
return 404;
}
I’ve done this many times in the past, but today I received the following error
Error: UPGRADE FAILED: cannot patch "xyz" with kind Ingress: admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: annotation group ConfigurationSnippet contains risky annotation based on ingress configuration
I already had
allowSnippetAnnotations: true
set, so this was confusing! It turns out, in a recent release (controller 1.12), annotations are flagged by risk. There’s a table here You now need to specify
annotations-risk-level: Critical
in the configmap. If you’re using the helm chart, it can be added like so
controller:
config:
annotations-risk-level: Critical