Azure / terraform-azurerm-aks

Terraform Module for deploying an AKS cluster
MIT License

Update greenfield application gateway ingress deployment so it uses TLS 1.2 #532

Open OmpahDev opened 6 months ago

OmpahDev commented 6 months ago

Is there an existing issue for this?

Description

If the green_field_application_gateway_for_ingress parameter is being used to create an application gateway for ingress, it gets deployed with the "Default" SSL policy, which results in a TLS version of 1.0. This is a big security risk as 1.0 is outdated. Is it possible to update this module so that the application gateway that gets created uses TLS 1.2 instead?

New or Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Potential Terraform Configuration

No response

References

No response

zioproto commented 6 months ago

The problem seems to come from the AGIC controller upstream: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-ssl-policy-overview#default-tls-policy

It probably uses an older API version (< 2023-02-01).

Maybe this is the API version actually used? https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/pkg/azure/client.go#L15

We can't fix this in Terraform because the Application Gateway is created by the AGIC controller in the greenfield scenario, so the AGIC controller should be fixed.

@tdevopsottawa would you mind opening an issue at https://github.com/Azure/application-gateway-kubernetes-ingress/issues ?

Please confirm my understanding of the problem is correct.

Thanks
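As an added example (not code from this module, from AGIC, or from anyone in this thread), the workaround the comment above implies is the brownfield route: create the Application Gateway in Terraform yourself with an explicit `ssl_policy`, then hand that gateway to AGIC instead of letting AGIC create one with the service default. The `ssl_policy` block is gateway-wide, so it also covers the listeners AGIC adds later. The resource names `azurerm_resource_group.example`, `azurerm_subnet.agw` and `azurerm_public_ip.agw` are assumed placeholders, and the HTTP listener and routing rule are placeholders too: the resource requires at least one of each, and AGIC replaces them once it manages the gateway.

```hcl
resource "azurerm_application_gateway" "ingress" {
  name                = "agw-ingress"
  resource_group_name = azurerm_resource_group.example.name     # assumed placeholder
  location            = azurerm_resource_group.example.location

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 2
  }

  # The security-relevant part. Omitting this block leaves the gateway on the
  # service "Default" policy, which on older API versions still accepts TLS 1.0.
  # AppGwSslPolicy20170401S sets a minimum of TLS 1.2; the newer
  # AppGwSslPolicy20220101S does too and is what Microsoft recommends, but it
  # needs a provider version that knows the name (assumption, check your provider).
  ssl_policy {
    policy_type = "Predefined"
    policy_name = "AppGwSslPolicy20170401S"
  }

  gateway_ip_configuration {
    name      = "gateway-ip"
    subnet_id = azurerm_subnet.agw.id      # assumed placeholder, dedicated AGW subnet
  }

  frontend_port {
    name = "http"
    port = 80
  }

  frontend_ip_configuration {
    name                 = "frontend"
    public_ip_address_id = azurerm_public_ip.agw.id   # assumed placeholder
  }

  # Placeholder pool/settings/listener/rule: required by the resource schema,
  # rewritten by AGIC once it takes over the gateway.
  backend_address_pool {
    name = "placeholder-pool"
  }

  backend_http_settings {
    name                  = "placeholder-settings"
    cookie_based_affinity = "Disabled"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 30
  }

  http_listener {
    name                           = "placeholder-listener"
    frontend_ip_configuration_name = "frontend"
    frontend_port_name             = "http"
    protocol                       = "Http"
  }

  request_routing_rule {
    name                       = "placeholder-rule"
    priority                   = 100
    rule_type                  = "Basic"
    http_listener_name         = "placeholder-listener"
    backend_address_pool_name  = "placeholder-pool"
    backend_http_settings_name = "placeholder-settings"
  }

  # AGIC adds its own listeners, pools and rules; keep Terraform from
  # reverting them on every apply.
  lifecycle {
    ignore_changes = [
      backend_address_pool,
      backend_http_settings,
      http_listener,
      request_routing_rule,
      probe,
      frontend_port,
      ssl_certificate,
      url_path_map,
      tag,
    ]
  }
}
```

You then pass this gateway to the module's brownfield input rather than `green_field_application_gateway_for_ingress` (the exact brownfield variable name is not quoted in this thread, so check the module's variables). To confirm what is actually deployed, `az network application-gateway ssl-policy show -g <resource-group> -n agw-ingress` prints the effective policy; if it reports `policyName: AppGwSslPolicy20150501` or no policy at all, the gateway still accepts TLS 1.0.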