NGINX: disable allowSnippetAnnotations by default
What does this MR do?
NGINX: disable allowSnippetAnnotations by default
Disables `nginx-ingress.controller.allowSnippetAnnotations` by
default to address CVE-2021-25742.
Related issue:
https://github.com/kubernetes/ingress-nginx/issues/7837
Docs:
https://github.com/kubernetes/ingress-nginx/blob/helm-chart-4.0.6/docs/user-guide/nginx-configuration/configmap.md#allow-snippet-annotations
Closes https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2941
Changelog: changed
Related issues
Closes #2941
Testing
```
$ helm template gitlab . --set certmanager-issuer.email=a@b.com --show-only charts/nginx-ingress/templates/controller-configmap.yaml | grep allow-snippet-annotations
allow-snippet-annotations: "false"
```
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
- Merge Request Title and Description are up to date, accurate, and descriptive
- MR targeting the appropriate branch
- MR has a green pipeline on GitLab.com
Expected (please provide an explanation if not completing)
- Test plan indicating conditions for success has been posted and passes
- Documentation created/updated
- Tests added
- Integration tests added to GitLab QA
- Equivalent MR/issue for omnibus-gitlab opened
Edited by Mitchell Nielsen
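An added example, not part of the merge request or the chart: a stdlib-only Python check over `kubectl get ingress,configmap -A -o json` output that lists ConfigMaps where `allow-snippet-annotations` is set to anything other than "false", and Ingress objects that carry `-snippet` annotations and so depend on that setting. The default annotation prefix `nginx.ingress.kubernetes.io/`, the function names and the sample objects are assumptions constructed for illustration.

```python
import json
import sys

# Assumption: the controller uses the default annotation prefix.
PREFIX = "nginx.ingress.kubernetes.io/"
CM_KEY = "allow-snippet-annotations"  # key grepped for in the Testing output

def audit(kube_list):
    """Return (ConfigMaps still allowing snippets, Ingresses relying on them)."""
    permissive, affected = [], []
    for item in kube_list.get("items", []):
        meta = item.get("metadata", {})
        name = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        if item.get("kind") == "ConfigMap":
            data = item.get("data") or {}
            # Only ConfigMaps that carry the key are judged; others are unrelated.
            if CM_KEY in data and data[CM_KEY].strip().lower() != "false":
                permissive.append(name)
        elif item.get("kind") == "Ingress":
            used = sorted(k for k in (meta.get("annotations") or {})
                          if k.startswith(PREFIX) and k.endswith("-snippet"))
            if used:
                affected.append((name, used))
    return permissive, affected

def mk(kind, ns, name, **extra):
    """Build a minimal constructed object for the sample below."""
    return {"kind": kind, "metadata": {"namespace": ns, "name": name,
            "annotations": extra.pop("annotations", {})}, **extra}

# Constructed sample shaped like `kubectl get ingress,configmap -A -o json`.
SAMPLE = {"kind": "List", "items": [
    mk("ConfigMap", "gitlab", "old-controller", data={CM_KEY: "true"}),
    mk("ConfigMap", "gitlab", "new-controller", data={CM_KEY: "false"}),
    mk("ConfigMap", "gitlab", "unrelated", data={"foo": "bar"}),
    mk("Ingress", "gitlab", "webservice", annotations={
        PREFIX + "configuration-snippet": "add_header X-Example 1;",
        PREFIX + "proxy-body-size": "512m"}),
    mk("Ingress", "gitlab", "registry", annotations={
        PREFIX + "proxy-body-size": "0"}),
]}

if __name__ == "__main__":
    # Pipe real kubectl JSON on stdin, or run with no pipe to use the sample.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    permissive, affected = audit(doc)
    for cm in permissive:
        print(f'ConfigMap {cm}: {CM_KEY} is not "false"')
    for ing, keys in affected:
        print(f"Ingress {ing}: uses {', '.join(keys)}")
```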