Funnel all app ingress through TLS

[mogul]

User Story

In order to ensure security from the outside world to our brokered cluster, we want provision TLS certificates with ACM and have the ingress ALB configured to use them.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

• [ ] GIVEN I have provisioned an EKS instance \ AND I have deployed a sample workload (eg the 2048 game) \ WHEN I visit the URL listed in the kubernetes ingress for the sample workload \ THEN I see that I am redirected from http:// to https:// \ AND I see that there is a valid certificate in place for the TLS connection.

Background

Federal compliance requires that we use TLS for any connection over the internet.

Security Considerations (required)

Implementing this story helps us comply with the SC family of NIST controls

Sketch

Here are the docs on setting up cert auto-discovery and redirecting HTTP to HTTPS.

[mogul]

Moving this one backward since this was broken during our sprint review today (the listener was missing on the ALB).