search

Azure / application-gateway-kubernetes-ingress

This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
https://azure.github.io/application-gateway-kubernetes-ingress
MIT License
667 stars 413 forks source link

`appgw.ingress.kubernetes.io/appgw-ssl-profile` does not allow predefined ssl profiles #1606

Open coolhome opened 3 months ago

coolhome commented 3 months ago

Is your feature request related to a problem? Please describe. Predefined SSL Profiles exists without creating SSL Profile records for all Application Gateways. When you try to use a predefined SSL Policy your controller will emit the following error:

ignoring Ingress <redact> as it requires Application Gateway <redact> to have pre-installed ssl profile 'AppGwSslPolicy20220101'

Additional Information about these policies:

Get-AzApplicationGatewaySslPredefinedPolicy
MinProtocolVersion Name
------------------ ----
TLSv1_0            AppGwSslPolicy20150501
TLSv1_1            AppGwSslPolicy20170401
TLSv1_2            AppGwSslPolicy20170401S
TLSv1_2            AppGwSslPolicy20220101
TLSv1_2            AppGwSslPolicy20220101S

Describe the solution you'd like The ability to set predefined ssl policies using the names above.

c3-davidtran commented 2 months ago

I believe it's worth mentioning that AppGwSslPolicy20220101 is an SSL policy name and the issue is about having AGIC create a SSL profile using the SSL policy provided via annotations?