在ingress 中添加自定义片段nginx.ingress.kubernetes.io/server-snippet 报错 admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: nginx.ingress.kubernetes.io/server-snippet annotation cannot be used. Snippet directives are disabled by the Ingress administrator
nginx.ingress.kubernetes.io/server-snippet: |
if ( $request_uri ~* (/doc.html|/swagger)) {
return 403;
}原因:
是因为在ingress-nginx中发现了一个安全问题。具体可以参考 https://github.com/kubernetes/ingress-nginx/issues/7837
确认风险后 可以修改 nginx-ingress-controller实例的configmap: nginx-ingress-nginx-controller的 allow-snippet-annotations: “true”
修改完成之后就可以添加自定义片段注解了。