If this keeps up, we will block Azure, AWS and the like 😡
#intelligenceArtificielle #ia #web #sysadmin #netadmin #kubernetes #nginx #ingressNginx
Well, this one was unexpected: https://github.com/tarampampam/error-pages/discussions/336
I just discovered that some of my services were open to the internet, thanks to the default-backend for my ingress-nginx changing the status codes when switching from v2 to v3 of the backend container…
It's not really a vulnerability, but somehow a security issue for potentially more people. My monitoring caught it, but I didn't really understand until I looked deeper into it.
Just started playing with #Kubernetes and #ingressnginx again a few days ago - now I'm having fun with CVE-2025-1974
Yay...
🔐 Security Alert Resolved! 💪
CVE-2025-24513, 24514, 1097, 1098 & 1974 hit hard — but LetsConvert patched all issues within 12 hours! 🛡️
Your data stays safe. We're always on guard. 🚀
🔗 https://letsconvert.io/?utm_source=dlvr.it&utm_medium=mastodon
#CyberSecurity #CVE #SaaS #LetsConvert #IngressNginx #HackerNews 💪
9.8 Critical Vulnerabilities in Ingress Nginx
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
#HackerNews #CriticalVulnerabilities #IngressNginx #Kubernetes #Security #CyberSecurity #WizBlog
Multiple vulnerabilities in ingress-Nginx (Score 9.8)
https://groups.google.com/g/kubernetes-security-announce/c/2qa9DFtN0cQ
#HackerNews #ingressNginx #vulnerabilities #security #Kubernetes #9.8 #CVE
The bots of the artificial-intelligence thieves are rather brutish: they hit several times per second.
I did try adding X-Robots-Tag headers
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Robots-Tag
…but they couldn't care less, who could have predicted that.
So I moved on to the next step, "block-user-agent":
#intelligenceArtificielle #ia #web #sysadmin #netadmin #kubernetes #nginx #ingressNginx
Heads up #ingressNginx users!
Controller version 1.12 / chart 4.12, contains breaking changes.
Even though a minor release, one change blocks risky annotations like the 'snippet' annotations.
These are often used to block access to specific URLs, like /metrics.
An insecure workaround is to allow these annotations via values.yaml:
```
controller:
  allowSnippetAnnotations: true
  config:
    annotations-risk-level: Critical
```
A more secure alternative would be to get rid of the annotation.
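An inventory check to run before such an upgrade, as an added example that is not part of the original post: it lists Ingress objects that still carry `*-snippet` annotations and the `location` paths those snippets reference. The default annotation prefix, the function name and the sample objects are assumptions made for this example.

```python
import re

# Default ingress-nginx annotation prefix (assumption: not changed with --annotations-prefix).
PREFIX = "nginx.ingress.kubernetes.io/"
# Captures the path of an nginx `location` block, skipping an optional modifier (=, ~, ~*, ^~).
LOCATION_RE = re.compile(r"location\s+(?:[=~^*]+\s+)?(\S+)\s*\{")


def audit_snippets(ingress_list):
    """Return one finding per snippet annotation found in a parsed
    `kubectl get ingress -A -o json` document."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        # `annotations` may be absent or null on an Ingress.
        for key, value in (meta.get("annotations") or {}).items():
            if key.startswith(PREFIX) and key.endswith("-snippet"):
                findings.append({
                    "ingress": f'{meta.get("namespace", "default")}/{meta.get("name")}',
                    "annotation": key[len(PREFIX):],
                    "locations": LOCATION_RE.findall(value),
                })
    return findings


# Constructed sample input, shaped like `kubectl get ingress -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "monitoring", "name": "app", "annotations": {
        PREFIX + "server-snippet": "location = /metrics {\n  deny all;\n}"}}},
    {"metadata": {"namespace": "web", "name": "shop", "annotations": {
        PREFIX + "rewrite-target": "/",
        PREFIX + "configuration-snippet": 'more_set_headers "X-Frame-Options: DENY";'}}},
    {"metadata": {"namespace": "web", "name": "plain", "annotations": None}},
]}

if __name__ == "__main__":
    for f in audit_snippets(SAMPLE):
        paths = ", ".join(f["locations"]) or "no location block"
        print(f'{f["ingress"]}: {f["annotation"]} ({paths})')
```
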
Got #MiniKube with the #MetalLB and #Ingress plugins, all good. However, I literally cannot figure out how to access my charts, containing #ClusterIP services with ingresses. If anyone has any ideas as to what I could try, all ears!
Tried through tunnel, mapped the Minikube IP to the domain in /etc/hosts, MetalLB is configured to a free IP subrange of the MK address.
Tried using #KVM but #Podman as well, rootless and not. Nothing seems to work.
#K8S #Kubernetes #DevOps #K3S #Helm #HelmChart #KubernetesHelm #IngressNginx #NGINX
Does anyone have any experience using #k3s on #Hetzner's #HetznerCloud? Trying to use #NGINX as an #ingress with #IngressNginx but I keep getting a 403 from registry.k8s.io when pulling the images and I cannot figure out why.
Health probe issues on VIP clients cluster is going to be a recurring theme this weekend. #aks #ingressnginx #weekendwork
I'm not sure if I should be happy that https://github.com/compumike/hairpin-proxy is the solution to my problem, or that it needs to be the solution because the underlying issue isn't fixed by default in #k8s. It's not a super edgy edge case to have a #LoadBalancer set up using #ProxyProtocol and using #CertManager with #IngressNginx.
#truenas metrics -> #ingressnginx #kubernetes -> #graphite -> #grafana