compliantkubernetes-apps icon indicating copy to clipboard operation
compliantkubernetes-apps copied to clipboard

Published 20 hours ago verified publisher icon elastisys

[3] Investigate enabling `allowSnippetAnnotations` for `server-snippet` use cases

Open raviranjanelastisys opened this issue 8 months ago • 0 comments

Proposed feature

There are some use cases where user would like to be able to use the nginx.ingress.kubernetes.io/server-snippet annotation as they would otherwise have to put in a very long list of webpages.

https://elastisys.io/compliantkubernetes/adr/0023-allow-snippets-annotations/

Please investigate what are security risk with allowing server-snippet and present in the architecture meeting.

Also, investigate as compared with configuration-snippet too.

Proposed alternatives

N/A

Additional context

We have already allowed the use of configuration-snippet which uses the same config option as server-snippet meaning no configuration change is needed, but for configuration-snippet we required users to accept some risks.

https://github.com/elastisys/ck8s-arch/issues/183

Definition of done

  • [ ] Security risks and other risks investigation documents result

raviranjanelastisys avatar Jun 05 '24 13:06 raviranjanelastisys