Alfresco fails to deploy due to CVE-2021-25742 changes to NGINX Admissions Controller
torgerss opened this issue · 1 comments
I am trying to deploy Alfresco Enterprise using both the chart version 5.1.1 and 5.1.0 and receiving an error from the ingress-nginx-admissions-controller. The error is that the configuration-snippet is denied. Looking into this, it is due to changes related to CVE-2021-25742 and the vulnerability surrounding *-snippets.
Error message:
Error: admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: nginx.ingress.kubernetes.io/configuration-snippet annotation cannot be used. Snippet directives are disabled by the Ingress administrator
Also received an error about ingress
Kubernetes version: 1.21.8
Host OS: Ubuntu 20.04
NGINX Ingress version: 3.7.1, 3.40.0 (latest stable)
Steps to reproduce:
1) Stand up a new or use an existing working Kubernetes cluster (v 1.21.8)
2) From the instructions on the site, set up ingress RBAC.
3) Run Ingress install with fix for CVE-2021-25742 (set --set controller.admissionWebhooks.enabled=true which denies *-snippet).
4) Install Alfresco using helm chart
The vulnerability is potential and present only if the cluster administrator allows uncontrolled creation of ingress resources. At the moment those snippets are required to prevent exposing proxy and solr, so until there is an alternative to block URLs without the need to use nginx, we don't plan to support admission webhooks enabled.
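
A pre-flight audit for the situation in this thread, added here as an example and not taken from the issue, the Alfresco chart or ingress-nginx: it lists every Ingress carrying an `nginx.ingress.kubernetes.io/*-snippet` annotation, which are the objects the webhook rejects once snippet directives are disabled. The sample input and all resource names are constructed; the input shape assumed is the output of `kubectl get ingress -A -o json`.

```python
import json

PREFIX = "nginx.ingress.kubernetes.io/"

# Constructed sample in the shape of `kubectl get ingress -A -o json` output.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Ingress",
     "metadata": {"namespace": "ecm", "name": "example-repository", "annotations": {
         PREFIX + "configuration-snippet":
             "location /example/blocked {\n  return 403;\n}\n",
         PREFIX + "proxy-body-size": "5g"}}},
    {"kind": "Ingress",
     "metadata": {"namespace": "ecm", "name": "example-share", "annotations": {
         PREFIX + "affinity": "cookie"}}},
    {"kind": "Ingress",
     "metadata": {"namespace": "web", "name": "example-site", "annotations": {
         PREFIX + "server-snippet": "add_header X-Example 1;"}}},
    {"kind": "Ingress",
     "metadata": {"namespace": "web", "name": "no-annotations", "annotations": None}},
]})


def find_snippet_annotations(ingress_json):
    """Return (namespace, name, annotation, lines) for each *-snippet annotation."""
    doc = json.loads(ingress_json)
    # Accept either a List (kubectl get ... -o json) or a single Ingress object.
    items = (doc.get("items") or []) if "items" in doc else [doc]
    findings = []
    for item in items:
        if item.get("kind") != "Ingress":
            continue
        meta = item.get("metadata") or {}
        annotations = meta.get("annotations") or {}  # may be null or absent
        for key in sorted(annotations):
            if key.startswith(PREFIX) and key.endswith("-snippet"):
                # Keep the raw directives so a reviewer can see what is injected.
                lines = [l.strip() for l in str(annotations[key]).splitlines() if l.strip()]
                findings.append((meta.get("namespace", "default"),
                                 meta.get("name", "<unnamed>"), key, lines))
    return findings


if __name__ == "__main__":
    for ns, name, key, lines in find_snippet_annotations(SAMPLE):
        print(f"{ns}/{name}: {key} ({len(lines)} directive line(s))")
        for line in lines:
            print(f"    {line}")
```

Running it against a cluster's Ingress list before turning snippets off shows which releases will fail admission and exactly which NGINX directives each one injects.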