Open OmpahDev opened 6 months ago
The problem seems to come from the AGIC controller upstream: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-ssl-policy-overview#default-tls-policy
It probably uses an older API version < 2023-02-01.
Maybe this is the API version actually used? https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/pkg/azure/client.go#L15
We can't fix this in Terraform because the Application Gateway is created by the AGIC controller in the greenfield scenario, so the AGIC controller should be fixed.
@tdevopsottawa would you mind opening an issue at https://github.com/Azure/application-gateway-kubernetes-ingress/issues ?
Please confirm my understanding of the problem is correct.
Thanks
Is there an existing issue for this?
Description
If the green_field_application_gateway_for_ingress parameter is being used to create an application gateway for ingress it gets deployed with the "Default" SSL policy which results in a TLS version of 1.0. This is a big security risk as 1.0 is outdated. Is it possible to update this module so that the application gateway that gets created uses TLS 1.2 instead?
New or Affected Resource(s)/Data Source(s)
azurerm_kubernetes_cluster
Potential Terraform Configuration
No response
References
No response
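One way to check for the condition reported above is to audit the gateways' TLS policy from exported JSON. This is an added example, not code from the thread, the Terraform module or AGIC. The sample data is constructed, and the field layout (a top-level `sslPolicy` object with `policyName` or `minProtocolVersion`) is assumed to match what `az network application-gateway list -o json` returns.

```python
import json

# Minimum protocol of each predefined Application Gateway TLS policy,
# per the Microsoft TLS policy overview linked in the thread.
PREDEFINED_MIN_TLS = {
    "AppGwSslPolicy20150501": "TLSv1_0",
    "AppGwSslPolicy20170401": "TLSv1_1",
    "AppGwSslPolicy20170401S": "TLSv1_2",
    "AppGwSslPolicy20220101": "TLSv1_2",
    "AppGwSslPolicy20220101S": "TLSv1_2",
}
ORDER = ["TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3"]

def min_tls(gateway):
    """Return the gateway's minimum TLS version, or None when no recognised
    policy is set (the default then depends on the API version used)."""
    policy = gateway.get("sslPolicy") or {}
    if policy.get("minProtocolVersion"):      # Custom / CustomV2 policy
        return policy["minProtocolVersion"]
    return PREDEFINED_MIN_TLS.get(policy.get("policyName"))

def audit(gateways, required="TLSv1_2"):
    """Return (name, finding) pairs for gateways not proven to meet `required`."""
    findings = []
    for gw in gateways:
        version = min_tls(gw)
        if version is None:
            findings.append((gw["name"], "no recognised policy: default applies, verify"))
        elif version not in ORDER or ORDER.index(version) < ORDER.index(required):
            findings.append((gw["name"], f"minimum is {version}"))
    return findings

# Constructed sample data; gateway names are hypothetical.
SAMPLE = json.loads("""[
  {"name": "agic-greenfield", "sslPolicy": null},
  {"name": "legacy", "sslPolicy": {"policyType": "Predefined", "policyName": "AppGwSslPolicy20150501"}},
  {"name": "hardened", "sslPolicy": {"policyType": "Predefined", "policyName": "AppGwSslPolicy20220101"}},
  {"name": "custom", "sslPolicy": {"policyType": "Custom", "minProtocolVersion": "TLSv1_1"}}
]""")

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

A gateway with no explicit policy is reported for manual verification rather than as a definite TLS 1.0 finding, because the default that applies depends on the API version that created it.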