Ensure HTTP application routing has been disabled for Azure Kubernetes Cluster

HIGH

Description

The 'http_application_routing' add-on is designed to let you quickly create an ingress controller and access your applications. The add-on is not currently designed for production environments and is not recommended for production use.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Kubernetes Services.
  2. Choose the cluster you wish to edit.
  3. Under Settings, choose Networking.
  4. Under Traffic Routing, uncheck the box for Enable HTTP application routing.

In Terraform -
For current Azure Provider versions:

  1. In the azurerm_kubernetes_cluster resource, set the field http_application_routing_enabled to false.

For Azure Provider versions prior to 2.90.x:

  1. In the azurerm_kubernetes_cluster resource, if there's an addon_profile block that contains an http_application_routing block, remove the block.
  2. Alternatively, set the field http_application_routing.enabled to false.
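
The following check covers both Terraform forms described above. It is an added example, not part of the original policy page and not the rule's own implementation. It assumes the plan was exported with `terraform show -json`; the sample plan and its resource addresses are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json` output
# (planned_values only); resource names are made up for illustration.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_kubernetes_cluster.current_bad",
     "type": "azurerm_kubernetes_cluster",
     "values": {"http_application_routing_enabled": true}},
    {"address": "azurerm_kubernetes_cluster.current_ok",
     "type": "azurerm_kubernetes_cluster",
     "values": {"http_application_routing_enabled": false}},
    {"address": "azurerm_kubernetes_cluster.unset",
     "type": "azurerm_kubernetes_cluster",
     "values": {}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.aks.azurerm_kubernetes_cluster.legacy_bad",
     "type": "azurerm_kubernetes_cluster",
     "values": {"addon_profile": [
        {"http_application_routing": [{"enabled": true}]}]}}
  ]}]
}}}
""")

def iter_resources(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def routing_enabled(values):
    """True if either the current or the pre-2.90 form enables the add-on."""
    if values.get("http_application_routing_enabled") is True:
        return True
    # Legacy form: nested blocks are rendered as lists of objects.
    for profile in values.get("addon_profile") or []:
        for routing in profile.get("http_application_routing") or []:
            if routing.get("enabled") is True:
                return True
    return False

def find_violations(plan):
    """Return addresses of AKS clusters with HTTP application routing on."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r["address"] for r in iter_resources(root)
            if r.get("type") == "azurerm_kubernetes_cluster"
            and routing_enabled(r.get("values") or {})]
```

A cluster that omits the setting, or sets it to false in either form, is not reported.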

References:
https://learn.microsoft.com/en-us/azure/aks/http-application-routing
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
https://registry.terraform.io/providers/hashicorp/azurerm/2.89.0/docs/resources/kubernetes_cluster

Policy Details

Rule Reference ID: AC_AZURE_0289
CSP: Azure
Remediation Available: Yes
Resource Category: Compute

Frameworks