diff --git a/kube/deploy/core/ingress/ingress-nginx/app/hr.yaml b/kube/deploy/core/ingress/ingress-nginx/app/hr.yaml
index de5d8db1..114864fa 100644
--- a/kube/deploy/core/ingress/ingress-nginx/app/hr.yaml
+++ b/kube/deploy/core/ingress/ingress-nginx/app/hr.yaml
@@ -52,7 +52,7 @@ spec:
         keep-alive: 10
         large-client-header-buffers: 2 2k # hardened near CIS benchmarks of 2 1k, but needs increase due to auth services (e.g. Kanidm, Authentik, CloudFlare Zero Trust)
         block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
-        allowSnippetAnnotations: "true" # used for authentik auth snippets
+        allow-snippet-annotations: "true" # used for authentik auth snippets
       resources:
         requests:
           cpu: 10m