Kubernetes Clusters Should Be Accessible Only Over HTTPS


Description:

Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc



Solution/Reference: 

From the unhealthy resources tab, select the cluster. Security Center lists the ingress objects that are accessible without HTTPS.
1. Disable HTTP by including the kubernetes.io/ingress.allow-http annotation in your ingress manifest. Set the value of the annotation to "false".
2. Add the Transport Layer Security (TLS) configuration to your ingress manifest. After making your changes, redeploy the updated ingress object.
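
The two steps above can be verified across a set of ingress objects before and after redeploying. This is an added example, not code from Security Center or the linked policy: it assumes Ingress objects in the JSON shape that `kubectl get ingress --all-namespaces -o json` produces, and the function names and sample objects are constructed. The host-coverage check goes beyond the two steps on the page.

```python
ALLOW_HTTP = "kubernetes.io/ingress.allow-http"

# Constructed sample, shaped like `kubectl get ingress --all-namespaces -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "web", "annotations": {ALLOW_HTTP: "false"}},
     "spec": {"tls": [{"hosts": ["shop.example.com"], "secretName": "shop-tls"}],
              "rules": [{"host": "shop.example.com"}]}},
    {"metadata": {"namespace": "shop", "name": "legacy"},
     "spec": {"rules": [{"host": "legacy.example.com"}]}},
    {"metadata": {"namespace": "ops", "name": "dash", "annotations": {ALLOW_HTTP: "true"}},
     "spec": {"tls": [{"hosts": ["dash.example.com"], "secretName": "dash-tls"}],
              "rules": [{"host": "dash.example.com"}, {"host": "metrics.example.com"}]}},
]}


def covered(host, tls_entries):
    """True if a TLS entry lists host exactly, by wildcard, or lists no hosts (all)."""
    wildcard = "*." + host.split(".", 1)[-1]
    return any(not e.get("hosts") or host in e["hosts"] or wildcard in e["hosts"]
               for e in tls_entries)


def https_findings(ingress):
    """Reasons this Ingress fails the two steps; an empty list means it passes."""
    spec = ingress.get("spec", {})
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    tls = spec.get("tls") or []
    findings = []
    # Step 1: annotation must be the string "false"; absent or "true" fails.
    if annotations.get(ALLOW_HTTP) != "false":
        findings.append("allow-http is not false")
    # Step 2: the manifest must carry a TLS configuration.
    if not tls:
        findings.append("no spec.tls")
    # Extra check beyond the page: each routed host should fall under spec.tls.
    for host in (r.get("host") for r in spec.get("rules") or []):
        if tls and host and not covered(host, tls):
            findings.append(f"host {host} not in spec.tls")
    return findings


def audit(ingress_list):
    """Map 'namespace/name' to findings for each Ingress that fails."""
    report = {}
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        report[f"{meta.get('namespace')}/{meta.get('name')}"] = https_findings(item)
    return {name: found for name, found in report.items() if found}
```

To run it against a live cluster, pass the parsed `kubectl` JSON output to `audit()` in place of `SAMPLE`.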

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/policy-for-kubernetes
