diff --git a/roles/external-ingress-nginx/defaults/main.yaml b/roles/external-ingress-nginx/defaults/main.yaml
index 60fbdf5..76d15e6 100644
--- a/roles/external-ingress-nginx/defaults/main.yaml
+++ b/roles/external-ingress-nginx/defaults/main.yaml
@@ -6,6 +6,7 @@ external_ingress_nginx_default_values:
       use-proxy-protocol: true
       use-forward-headers: true
       compute-full-forward-for: true
+      annotations-risk-level: Critical
     publishService:
       enabled: true
     scope:
@@ -17,3 +18,4 @@ external_ingress_nginx_default_values:
     ingressClassResource:
       name: "{{ external_ingress_class }}"
       controllerValue: "k8s.io/{{ external_ingress_class }}"
+    allowSnippetAnnotations: true
diff --git a/roles/gitea/defaults/main.yaml b/roles/gitea/defaults/main.yaml
index ed3def6..9806bb8 100644
--- a/roles/gitea/defaults/main.yaml
+++ b/roles/gitea/defaults/main.yaml
@@ -122,6 +122,8 @@ gitea_publish_ingress_nginx_values:
 gitea_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 gitea_ingress_nginx_default_values:
   controller:
+    config:
+      annotations-risk-level: Critical
     containerPort:
       ssh: 22
       http: 80
@@ -148,6 +150,7 @@ gitea_ingress_nginx_default_values:
     ingressClassResource:
       name: "{{ gitea_ingress_class }}"
       controllerValue: "k8s.io/{{ gitea_ingress_class }}"
+    allowSnippetAnnotations: true
   tcp: 
     22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"
 
diff --git a/roles/internal-ingress-nginx/defaults/main.yaml b/roles/internal-ingress-nginx/defaults/main.yaml
index 57b6351..78387d9 100644
--- a/roles/internal-ingress-nginx/defaults/main.yaml
+++ b/roles/internal-ingress-nginx/defaults/main.yaml
@@ -1,6 +1,8 @@
 internal_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 internal_ingress_nginx_default_values:
   controller:
+    config:
+      annotations-risk-level: Critical
     publishService:
       enabled: true
     scope:
@@ -11,3 +13,4 @@ internal_ingress_nginx_default_values:
     ingressClassResource:
       name: "{{ internal_ingress_class }}"
       controllerValue: "k8s.io/{{ internal_ingress_class }}"
+    allowSnippetAnnotations: true
diff --git a/roles/local-ingress-nginx/defaults/main.yaml b/roles/local-ingress-nginx/defaults/main.yaml
index a07a31d..2d5d9f4 100644
--- a/roles/local-ingress-nginx/defaults/main.yaml
+++ b/roles/local-ingress-nginx/defaults/main.yaml
@@ -1,6 +1,8 @@
 local_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 local_ingress_nginx_default_values:
   controller:
+    config:
+      annotations-risk-level: Critical
     publishService:
       enabled: true
     scope:
@@ -11,3 +13,4 @@ local_ingress_nginx_default_values:
     ingressClassResource:
       name: "{{ local_ingress_class }}"
       controllerValue: "k8s.io/{{ local_ingress_class }}"
+    allowSnippetAnnotations: true