Given following AKS advisor recommendation "Kubernetes clusters should be accessible only over HTTPS" with following remediation steps:
I added the annotation kubernetes.io/ingress.allow-http: "false"
to my ingress resource. TLS configuration is IMHO fulfilled too, this results in following ingress manifest:
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: nginx
meta.helm.sh/release-name: my-release-name
meta.helm.sh/release-namespace: my-namespace
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/rewrite-target: /$1
creationTimestamp: "2021-09-28T12:37:21Z"
generation: 1
labels:
app.kubernetes.io/managed-by: Helm
name: my-service
namespace: my-namespace
resourceVersion: "xxx"
uid: xxx
spec:
rules:
- host: my-service.my-domain.com
http:
paths:
- backend:
service:
name: my-service
port:
number: 443
path: /(.*)
pathType: ImplementationSpecific
tls:
- hosts:
- my-service.my-domain.com
secretName: my-ingress-tls
status:
loadBalancer:
ingress:
- ip: 10.xxx.xxx.xxx
... but the resource is still being listed for this recommendation. What do I miss here, what should I change in order to fulfill this recommendation?
Kindly use below annotations in Ingress resource to resolve this alert
kubernetes.io/ingress.allow-http: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"