Ensure Traffic Between Client and Load Balancer Use HTTPS Protocol Only

It recommended that all traffic between the client and the HTTP(S) load balancer to use HTTPS, you can disable HTTP by including the kubernetes.io/ingress.allow-http annotation in your Ingress manifest. Set the value of the annotation to "false".

Suggest Edits

Risk Level: high
Cloud Entity: Kubernetes
Spectral Rule ID: K8S273

REMEDIATION

set kubernetes.io/ingress.allow-http to 'false'

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
- kubernetes.io/ingress.allow-http: "true"
+ kubernetes.io/ingress.allow-http: "false"
spec:
tls:
- secretName: SECRET_NAME

References:

https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-xlb#disabling_http

Network Policies

A network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints.

Updated over 1 year ago